Federal Information Security Requirements / CUI
The U.S. government is implementing requirements for safeguarding information provided by, collected, or maintained on its behalf. Specific federal agencies (Department of Defense, Department of the Interior, General Services Administration, and the National Aeronautics and Space Administration) have already adopted the requirements — including Controlled Unclassified Information, or CUI, requirements — and more will follow. For more information, visit our CUI web page.
If researchers receive federal funding that is subject to information security requirements, that information will need to be safeguarded through a set of defined standards. These standards include access control, physical security standards, and IT system security.
Researchers who are applying for awards from agencies listed above must incorporate funds for information security requirements in the budgets of all new proposal submissions.
Researchers who suspect they may be required to implement these controls in the future should also figure the additional costs into their budget proposals.
The flow chart below will help researchers determine whether they need to add costs for information security into their budgets (click the chart to open a larger PDF version).
The following tables provide guidance on funds to be added to budgets.
Computer Services (annual budget)
|Small||1||3.5GB||50GB||32GB||$1,200||Supports collaboration and document sharing|
|Medium||8||28GB||400GB||512GB||$4,300||Supports databases, analysis, collaboration, and document sharing|
|Largest configuration options for resource group|
* If the above options do not meet your software or high-performance computing needs, please contact firstname.lastname@example.org. Staff in the Office of Research Development or the University Research Compliance Office are also available to discuss.
Materials and Supplies (year one)
|Physical security||$2,200||One-time expenses for electronic door locks|