UCLA Policy 401: Minimum Security Standards for Network Devices

UCLA Policy 401: Minimum Security Standards for Network Devices specifies the minimum security standards for all electronic devices connected to the UCLA Campus Network, including those connected via the UCLA Virtual Private Network (VPN). Make sure you meet these minimum standards. See UCLA Policy 401, Attachment A.

Safeguard your login IDs and passwords

Be careful of email scams and fraudsters trying to get access to your cluster credentials. The IDRE Research Technology Group staff will never ask you for your password.

Cluster login IDs are single user login IDs only. Do not let anyone else know or use your login ID and password. Any form of use of another person’s account, for example using an ssh public key to gain access, is a violation of this policy. If we suspect that a login ID is being used by more than one person, we will suspend access to the login ID until the matter has been resolved.

Do not leave your local machine unattended while you are logged in to any cluster hosted by IDRE. If you think that your password has been compromised, change your password immediately and contact

Export Restricted Software

Pursuant to federal export control regulations, certain export restricted software must be protected. Export restricted software which must be protected includes: (1) certain strong encryption software, (2) software controlled under the Department of Energy 10 CFR §810 regulations, (3) software controlled under the Department of State, International Traffic in Arms (ITAR) regulations 22 CFR §120-130.

If you are storing any of the above export restricted software, we strongly recommend you remove it immediately. If you do decide to keep it, you must inform the Director of the IDRE Research Technology Group, in writing, about the export restricted software in your account. If a security breach occurs, you, as the custodian of the software, are liable for the exposure and subsequent export control regulatory violations. If you have questions about how your software is controlled under export regulations, contact Claudia Modlin, Research Policy and Compliance Coordinator at

Personal Information and Sensitive Data on Hoffman2

Personal information and other sensitive data, including statutory, regulatory, and contractually protected data — for example, human subjects research, restricted research, student and educational data, and PHI — are prohibited on Hoffman2. (See the UC Protection Level Classification Guide charts on Protection Level 3 and Protection Level 4 for details.)

Researchers using any data defined by UCLA Health as protected health data must contact UCLA Health IT. Such data are prohibited on Hoffman2.

UCLA Health defines ‘health data’ as “any information pertaining to the health, care, and treatment of UCLA Health patients or health plan members which: (1) results in a report used in treatment or monitoring of a patient; (2) generates a claim or a bill for services that are provided; and/or (3) is used for operations, financial management, population health activities or quality metrics.

Prospectively-collected clinical research data and related research results will not be considered Health Data if these data are collected/created exclusively for a sponsored research (“Sponsored Research Data”); however, Sponsored Research Data that appears in the patient’s medical record is Health Data. (The use of Sponsored Research Data may be subject to contractual and regulatory obligations; release of Sponsored Research Data to any entity other than the sponsor of the study must be reviewed in advance by the Clinical Trials Administration Office.) Non-health data is all other data collected at UCLA Health.”

Please contact the Director of the IDRE Research Technology Group if your research requires use of these types of data, or if you have any questions. More information about security requirements can be found at