Controlled Unclassified Information (CUI)
About
Alert: NIST has published the final versions of Special Publication (SP) 800-171r3 (Revision 3), Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, and SP 800-171Ar3, Assessing Security Requirements for Controlled Unclassified Information.
See
CUI Requires Strict Safeguarding and Dissemination Control
As required by the federal government, CUI can only be stored and processed on IT systems that have been risk assessed to comply with NIST SP 800-171 standards. Therefore, ¶¶Òõ̽̽ Investigators who will engage in a sponsored project that will require the use of CUI can only do so within an approved CUI environment.
CUI environments must be approved by ¶¶Òõ̽̽’s Information Security Officer, Scott Carbee.
Investigators, should not engage, accept, or receive CUI for any reason or purpose until an appropriate Information Security Plan (ISP) is in place and approved by the ¶¶Òõ̽̽ Chief Information Security Officer.
Sponsored Project Administration and CUI Projects
Where SPA identifies a CUI Project, SPA will connect the Principal Investigator to the ¶¶Òõ̽̽ Information Security Officer who will then work with the research team to develop an appropriate Information Security Plan (ISP), which safeguards the CUI and controls unauthorized dissemination.
For any reason a SPA project is not initially identified as using CUI in the work, it is the responsibility of the Investigator to initiate an Information Security Plan by contacting our Research Compliance Officer, Victoria Jones and our Information Security Officer, Scott Carbee.
For More Detail, See:
- University Operating Procedure (UOP):
- SPA Procedures:
Quick Links
Contact Research Integrity
Brian Prindle
Executive Director for Research Administration and Integrity
Brian.Prindle@¶¶Òõ̽̽.eduUpdated 6/13/2024