Sponsored Research and Controlled Unclassified Information

The executive branch of the United States government requires protection measures for controlled unclassified information (CUI). Information provided by or collected on behalf of the 81 entities comprising the executive branch and that falls into at least one of the CUI Registry categories will be considered CUI and will need to be safeguarded to at least NIST 800-171 standards. Multiple executive branch entities are currently implementing the new CUI requirements.

The University of South Alabama is responsible for safeguarding CUI to the minimum standard mentioned above. 

Definition

CUI is identified by executive branch entities as "sensitive information that demonstrates risk resulting from the unauthorized access, use, disclosure, disruption, modification, or destruction of information collected or maintained by or on behalf of an agency". Executive branch entities include the U.S. Department of Agriculture, the National Science Foundation, the U.S. Department of Education, and other federal agencies who sponsor research. Executive branch entities are required to identify and mark CUI that requires safeguarding. 

Timeline

Executive branch entities are in different phases of implementing final rules for complying with CUI standards. At this time, the Department of Defense (DoD), the General Services Administration (GSA), and the National Aeronautic and Space Association (NASA) have published the final rule. The Department of Homeland Security (DHS) has published a proposed rule. The implementation schedule for the remaining federal sponsors is under negotiation but is anticipated soon.

Resources

Laws, regulations, and executive orders

CUI tools and publications

Non-Disclosure Agreement (NDA)

Contact

If you have questions, please contact the Office of Sponsored Projects Administration at spa@erare.net .