Secure Computing Core

LASER is available to principal investigators, subject to their data use agreement.

Projects are suitable for SCC if they must meet any of the following:

• Funding and compliance requirements:
  • FISMA moderate level
  • NIST 800-53
  • NIST 800-171
• Sensitive data types:
  • Controlled unclassified information (CUI) and covered defense information
  • Government-owned data
  • Protected Health Information (PHI) under HIPAA
  • U.S. federal classified data
  • Data received from industry partners

If you’re unsure whether your project requires SCC, contact Data_ORA@hms.harvard.edu.

SCC includes security services designed to safeguard systems, networks, and data:

• Security monitoring, incident response, and vulnerability management for continuous protection and proactive oversight.
• Endpoint security, infrastructure, network security, and data loss prevention to secure devices and networks used in research.
• Identity and access management to manage who can access applications and sensitive data.
• Secure document management for protected document storage, sharing, and collaboration.
• Change management to track and control changes in the computing environment.
• Program management for ongoing administrative support.

Available as project-specific services (in-house or via third parties, as required):

• Penetration testing
• Security assessment
• Code assessment (including custom software scanning)
• Compliance services supporting federal, state, or industry-specific regulations

HMS IT offers two secure computing environments:

• Longwood Area Secure Environment for Research (LASER) – On campus; adheres to NIST SP 800-171.
• Secure Cloud Computing – Cloud-based; complies with NIST SP 800-53.

Pricing depends on the selected environment and project-specific services. See Service costs in LASER for more information.

For questions about service eligibility, available environments, or choosing the best option for your project, contact Data_ORA@hms.harvard.edu.