Sponsored Research and Controlled Unclassified Information

The executive branch of the United States government is moving forward with new requirements for safeguarding controlled unclassified information, or CUI. Information provided by or collected on behalf of the 81 entities comprising the executive branch and that falls into at least one of the CUI Registry categories will be considered CUI and will need to be safeguarded to at least NIST 800-171 standards. Multiple executive branch entities are currently implementing the new CUI requirements.

K-State is responsible for safeguarding CUI to the minimum standard mentioned above. The impact of safeguarding CUI will affect the entire university community.

Definition

CUI is identified by executive branch entities as sensitive information that demonstrates risk resulting from the unauthorized access, use, disclosure, disruption, modification, or destruction of information collected or maintained by or on behalf of an agency. Executive branch entities include the Department of Agriculture, the National Science Foundation, the Department of Education, and so on. Executive branch entities are required to identify and mark CUI that requires safeguarding.

Timeline

Executive branch entities are in different phases of implementing final rules for complying with CUI standards. At this time, only the Department of Defense, the General Services Administration and the National Aeronautic and Space Association have published the final rule. The Department of Homeland Security has published a proposed rule, but it is unknown at this time when it will be finalized. The implementation schedule for the remaining federal agencies is under negotiation.

Actions

Under the direction of the Vice President for Research, a small group is working to:

  • Identify sponsored research CUI activity on campus.

  • Educate key stakeholders about CUI.

  • Develop appropriate CUI processes.

  • Use existing DoD, GSA, NASA, and DHS sponsored research to test the proposed processes and corresponding solutions, including identification of CUI, development of CUI-specific solutions, management of CUI during its lifecycle, and disposition of CUI.

  • Develop CUI solution options for the different types of CUI, such as technical data, software, equipment, and materials. Each solution option will include access control, physical security, CUI training, auditing and disposition planning.

Resources

Budgets

Laws, regulations, and executive orders

CUI program and publications

Contact

If you have questions, please contact Jonathan Snowden cui@k-state.edu.