Data Classification

An essential element of a Data Governance Program is the simplification of data security via the development of a comprehensive data classification scheme. The following visual portray NMSU’s data governance spectrum and the University’s data classification scheme. As noted below, the entrusted regulated data bucket (involving personally identifiable information (PII) from students or employees, medical information or credit card data) and the government-owned data bucket represent high risk to NMSU and therefore any suspicious or actual compromise of this data must be reported immediately.

Most universities use a three or four category data classification scheme with research Universities such NMSU using a four category data classification scheme in order to separate government-owned research data. Sensitive research data is typically funded via grants & contracts that include information security stipulations related to the Federal Information Security Management Act (FISMA) or Controlled Unclassified Information (CUI) relating to Export Control (Export Administration Regulations (EAR)/International Traffic in Arms Regulations (ITAR), or other CUI category, which require compliance with National Institute of Standards and Technology Special Publications such as NIST SP 800-153 or NIST SP 800-171 or other security plan as required by the applicable federal funding agency.

As an NMSU employee, it is your responsibility to know the type of data that you handle as part of your normal job duties and to determine if it is regulated and to ensure proper handling and safeguarding.  Let NMSU’s Chief Privacy Officer know of any questions that you may have on how to handle and safeguard the data that you handle on a regular basis.

Data safeguards and standards for each data classification scheme are being developed and will be published soon.  In the meantime, ensure to practice the following basic data privacy & security practices as depicted below.

For more information, please visit NMSU’s IT Compliance website –

Report all Information Technology or Data Breach related Incidents to NMSU’s Chief Privacy Officer

All incidents or suspicious of incidents relating to the compromise or actual breach of NMSU data should be reported on a timely manner to or at 575-646-5902.

For more information contact:

Carlos S. Lobato, CPA
Chief Privacy Officer