Sponsored Research and Controlled Unclassified Information
The executive branch of the United States government is moving forward with new requirements for safeguarding controlled unclassified information, or CUI. Information provided by or collected on behalf of the 81 entities comprising the executive branch and that falls into at least one of the 26 CUI Registry categories will be considered CUI and will need to be safeguarded to at least NIST 800-171 standards. Multiple executive branch entities are currently implementing the new CUI requirements.
K-State is responsible for safeguarding CUI to the minimum standard mentioned above. The impact of safeguarding CUI will affect the entire university community.
CUI is identified by executive branch entities as sensitive information that demonstrates risk resulting from the unauthorized access, use, disclosure, disruption, modification, or destruction of information collected or maintained by or on behalf of an agency. Executive branch entities include the Department of Agriculture, the National Science Foundation, the Department of Education, and so on. Executive branch entities are required to identify and mark CUI that requires safeguarding.
Executive branch entities are in different phases of implementing final rules for complying with CUI standards. At this time, only the Department of Defense (DoD), the General Services Administration (GSA), and the National Aeronautic and Space Association (NASA) have published the final rule. The Department of Homeland Security (DHS) has published a proposed rule, but it is unknown at this time when it will be finalized. The implementation schedule for the remaining federal agencies is under negotiation. The schedule is anticipated early in the calendar year 2018.
Under the direction of the Vice President for Research, a small group is working to do the following.
Identify sponsored research CUI activity on campus;
Educate key stakeholders about CUI;
Develop appropriate CUI processes;
Use existing DoD, GSA, NASA, and DHS sponsored research to test the proposed processes and corresponding solutions, including identification of CUI, development of CUI-specific solutions, management of CUI during its lifecycle, and disposition of CUI; and
- Develop CUI solution options for the different types of CUI, such as technical data, software, equipment, and materials. Each solution option will include access control, physical security, CUI training, auditing and disposition planning.
Laws, regulations, and executive orders
CUI program and publications
If you have questions, please contact Jonathan Snowden or Craig Beardsley at email@example.com.