Stay Informed & Inspired

User Attestation & Training

By Bax

Later this month, a new requirement will be imposed on all Research Infrastructure Services (RIS) users.

To align with the National Institutes of Health (NIH) data security requirements for controlled-access data, Research Infrastructure Services (RIS) is implementing a formal annual security attestation and training in Workday for all users and will be assigned to you no later than June 30, 2026

This approach has been approved by the Regulated Research Subcommittee and developed in collaboration with the OVCR to ensure alignment with institutional and sponsor expectations.

❓ Why

This process establishes compliance with NIST 800-171 security controls. Rather than limiting these controls strictly to specific systems, RIS is implementing them across its entire infrastructure. This proactive measure strengthens the overall security posture for all university research. 

The attestation and 10-minute security training will maintain a consistent, auditable security baseline in our shared environment, even if your work does not interact with controlled-access data.

❗️ Impact

The RIS environment itself is not changing; while we are fulfilling this compliance requirement, there will be no other changes to how users work within RIS outside of completing this attestation, unless they interact with controlled-access data. Failure to complete this Workday task by the deadline of September 30, 2026 will result in restriction or termination of access to RIS resources.

🗓️ Timeline

  • Workday Assignment – 2 tasks – June 30, 2026
    • Task 1 – RIS User Attestation Document – Due September 30, 2026 
    • Task 2 – Insider Threat Awareness Training – Due September 30, 2026 
  • Between June 30 and September 30, users will be reminded of incomplete tasks and encouraged to complete them by the deadline.

Once assigned, please complete the attestation and training in Workday to ensure uninterrupted access to the RIS environment.

Thank you for your cooperation in maintaining the security and compliance of our research environment.

Have questions? Contact us at the RIS Service Desk.