Standard-Security Zone (SSZ)			High-Security Zone (HSZ)
	Storage		Computing Environments	Storage	Computing Environments
Data Classification	Research Project Storage (/project)	Research Standard Storage (/standard)	Rivanna/Afton (/home & /scratch)	High-Security Research Standard Storage	Ivy VM (/home)	ACCORD
Public	✅	✅	✅	✅	✅	✅
Internal-Use	✅	✅	✅	✅	✅	✅
Sensitive	✅	✅	✅	✅	✅	✅
Highly-Sensitive	❌	❌	❌	✅	✅	❌
Limited Dataset 1	❌	❌	❌	✅	✅	❌
De-Identified Dataset 2	✅	✅	✅	✅	✅	✅
HIPAA 3	❌	❌	❌	✅	✅	❌
CUI 4	❌	❌	❌	✅	✅	❌
dbGaP	❌	❌	❌	✅	✅	❌
FERPA 5	❌	❌	❌	✅	✅	✅
ITAR 6	❌	❌	❌	✅	✅	❌

¹ Limited datasets have direct identifiers removed, but may contain indirect identifiers including, complete dates, age, city, state, and complete ZIP code.
² De-identified datasets contain no identifiers. Note: identifiers can be recoded such that the source information is anonymized (e.g. date shifting, urban/rural determinations vs. ZIP codes, randomly generated subject identifier, etc.)
³ Health Insurance Portability and Accountability Act (HIPAA). Information protected under HIPAA includes any protected health information (PHI) in the medical record that can identify an individual. More information can be found here.
⁴ Controlled Unclassified Information (CUI). CUI data is information the government creates or possesses that requires safeguarding or dissemination controls when handling. More information can be found at this link. Includes data downloaded from the following controlled-access data repositories: Database of genotypes and phenotypes (dbGaP), BioData Catalyst, NCI Genomic Data Commons, ‌‌The NHGRI Genomic Data Science Analysis, Visualization, and Informatics Lab-Space (AnVIL), National Institute of Mental Health Data Archive (NDA), NIA Genetics of Alzheimer's Disease Data Storage Site (NIAGADS). The full list of controlled-access repositories can be found at this link.
⁵ Family Educational Rights & Privacy Act (FERPA). FERPA is a federal law that governs access to student education records. This includes personally identifiable information (PII) like name, SSN, date of birth, grades, and course schedules. More information can be found at this link.
⁶ International Traffic in Arms Regulations (ITAR). This includes military technology and software, technical data, and services. More information can be found at this link.