January 23, 2018
New regulation requires safeguarding of controlled unclassified information
The U.S. government is in the process of implementing new regulations to protect controlled unclassified information, or CUI. CUI is defined as sensitive information that demonstrates risk resulting from the unauthorized access, use, disclosure, disruption, modification or destruction of information collected or maintained by or on behalf of an agency. All universities must develop plans to comply with the new regulation.
Research is one area that will be affected. Most granting agencies already require data management plans. Safeguarding CUI will mean meeting additional requirements. For example, a researcher with information deemed as CUI will need to protect data using encryption on a computer that is not connected to the internet or a network and store backup drives in a secure environment.
Funding agencies are in different phases of implementation, so only a handful of K-State grants are currently affected. Only the Department of Defense, the General Services Administration, and the National Aeronautics and Space Administration have implemented CUI requirements at this time. Timelines for remaining agencies should be published in the next few weeks. As the number of agencies implementing CUI regulations increases, so will the number of affected K-State researchers.
K-State is actively assessing the impact of CUI and determining necessary courses of action. Our goal is to work with investigators to ensure that they understand how to comply with the rules while submitting proposals and developing data management plans.
A working group is identifying CUI, seeking more information, and developing appropriate processes, and this group will share additional information as it becomes available. Find additional information about CUI. Questions can be directed to Jonathan Snowden or Craig Beardsley via KSUFSO@bri.ksu.edu.