Sponsored Research and Controlled Unclassified Information
The executive branch of the United States government requires protection measures for controlled unclassified information (CUI). Information provided by or collected on behalf of the 81 entities comprising the executive branch and that falls into at least one of the CUI Registry categories will be considered CUI and will need to be safeguarded to at least NIST 800-171 standards. Multiple executive branch entities are currently implementing the new CUI requirements.
The University of South Alabama is responsible for safeguarding CUI to the minimum
standard mentioned above.
Definition
CUI is identified by executive branch entities as "sensitive information that demonstrates risk resulting from the unauthorized access, use, disclosure, disruption, modification, or destruction of information collected or maintained by or on behalf of an agency". Executive branch entities include the U.S. Department of Agriculture, the National Science Foundation, the U.S. Department of Education, and other federal agencies who sponsor research. Executive branch entities are required to identify and mark CUI that requires safeguarding.
Timeline
Executive branch entities are in different phases of implementing final rules for
complying with CUI standards. At this time, the Department of Defense (DoD), the General
Services Administration (GSA), and the National Aeronautic and Space Association (NASA)
have published the final rule. The Department of Homeland Security (DHS) has published
a proposed rule. The implementation schedule for the remaining federal sponsors is
under negotiation but is anticipated soon.
Resources
Laws, regulations, and executive orders
CUI tools and publications
Non-Disclosure Agreement (NDA)
Contact
If you have questions, please contact the Office of Sponsored Projects Administration at spa@qqzhangui.com .