About Us

What is the Research IT CAFÉ?

The Research IT Controlled AWS FedRAMP Environment (CAFÉ) is a private, secure cloud environment in which researchers may remotely analyze sensitive data, create research results, and output their research results and analysis. This environment is described in detail in the Research IT’s CAFÉ Capabilities Briefing Document that is "pre-approved" and authorized by the VP of Research for use with all federal agency research/data provider C&G responses and proposals. Researchers may submit the Research IT CAFÉ capability briefing document in applications to various federal agencies/data providers for controlled datasets and licenses. The CAFÉ was developed by Research IT in cooperation with the Office of Cyber Risk Management with additional funding from the Office of Research.


Why is the Research IT CAFÉ needed?

Many federal C&G sponsors and controlled unclassified sponsors and data providers require a minimum set of standards for risk management and information security. For example, a standalone computer in a uniquely-keyed physical location, standard user account with strong password, no internet connection, USB/optical media being disabled, all printing being disabled and malware protection being installation could meet a federal minimum standard but it would increase the support labor and overhead expenses to manually manage this standalone instance. The Research IT CAFÉ is intended to be an alternative to the creation of an individual standalone solution each time a researcher needs to store or analyze controlled datasets.

This environment has initially been designed with the management, operational, and technical controls required by federal law and the U.S. government data providers. The drivers for this program include standards such as NIST 800-53rev4 - Guide to Federal Security and Privacy Controls, the supporting NIST special publications, and the subset of controls for the DoD DFARS clause 252.204-7012- Safeguarding of [Unclassified] Covered Defense Information, have been also put in place in the CAFE.

The CAFÉ minimizes the security and implementation burden for researchers who cannot easily construct their own data security plan. It also allows software and security updates to be made easily to the environment, and is scalable to be accessible to many users at a time. The CAFÉ will facilitate cost and time savings, space allocation difficulties, and eliminate redundancy of process/deployment of multiple systems across campus.


How do researchers access the Research IT CAFÉ?

Researchers use a secure web gateway client to connect to the secured CAFÉ web portal, which provides a secured connection to their remote Research Virtual Machine(s). The environment can be accessed from any internet-connected device, the secure web gateway software client needs to be installed on the researcher’s local device. The CAFÉ uses a multi-factor authentication service (MFA) for login to the CAFÉ web portal as well as the Secure File Transfer capabilities. The MFA service is simple to use - first, the researcher authenticates with his/her ProjectID/password and is then required to enter a second token (either by interacting with an App on their smartphone, entering a code from the App or SMS message, or by responding to a phone call to his/her enrolled number). After the second authentication factor completes, the user is logged in. The overall user experience in the CAFÉ is very similar to using other traditional Remote Desktop-type clients, but with more substantial security controls in place, and the ability to use almost any modern hardware to connect.


How do researchers get data in/out of the Research IT CAFÉ?

An initial upload of a researcher's secured controlled dataset to his/her CAFÉ Research Virtual Machine(s) will be performed by the Research IT CAFÉ Support staff upon creation of each Federally Sponsored Research IT Virtual Project. A Secure File Transfer capability is available within the CAFÉ to securely upload data files into Research Virtual Machine(s), as well as share files with other approved project colleagues/CAFÉ users. Researchers may also export data files outside of the CAFÉ when explicitly permitted by the federal agency or controlled/restricted data provider. More information about how to use the Secure File Transfer is available in the Research IT CAFÉ User Guide.