Skip to main content

Secure University Research Environment (SURE)

The Secure University Research Environment (SURE) was developed as NC State’s solution to safeguard Controlled Unclassified Information (CUI) and similarly controlled data, applications and research to standards required by the Federal Government, specifically the NIST SP 800-171 standard. These requirements are typically listed in the applicable research contract.

When would I use SURE?

Projects requiring the use of  SURE are identified by the Office of Research and Innovation (ORI) – Office of Sponsored Programs and Regulatory Compliance Services (SPARCS) during the contract review stage for sponsored programs (most commonly identified by the inclusion of DFARS 252.204-7012). Once identified as a project contractual obligation, NC State researchers must use SURE to protect data developed for the project that is subject to a federally imposed dissemination restriction or security control. SPARCS will attempt to negotiate the removal of a dissemination control that appears overly restrictive to the project. Project data considerations include: 

  • SURE is required to handle/store data that may be considered CUI or otherwise implicated by federal security controls; specified DoD, CUI (as CUI is not always DoD-specified, but can come from other funding requirements)
  • Project information already in the public domain does not require the use of SURE.

Back to Top

How does SURE Facilitate Secure Research?

  • The virtual SURE workspace can be managed and accessed on your university owned and managed computer
  • A shared project workspace within SURE allows collaboration and data-sharing with approved NC State team collaborators
  • Provides compute, storage and networking services for contracts, grants and other collaborative awards that require enhanced security regulations and governance
  • Project participants can be proposed and removed through submission of an online SURE Personnel Request 
  • Technical assistance available through ServiceNow Service Tickets ( )
  • Advance notice of scheduled outages to ensure continuity of project simulations/tests

Back to Top

Current Capabilities within SURE

Before software and tools can be deployed within SURE, they must be evaluated for security compliance.  The SURE team maintains the list of current capabilities in the documents below. 

If you don’t see a computational tool or software that you will need for your research, please complete the SURE Capabilities Request Form as soon as possible to initiate that process.

Back to Top

What are the potential limitations of SURE on my research?

  • Amazon Workspace currently only supports Windows applications
  • New Software & Applications must be reviewed for compatibility with SURE and approved by Security & Compliance
  • High-Performance Computing (HPC) is not currently available in SURE  
  • Not accessible outside the US 
  • Printing not available* 
  • External Storage such as USB drives are not allowed*
  • External devices/hardware to the SURE enclave can not receive transmission of CUI data without prior approval from the Export Control Office (ECO) & OIT. 
  • File sharing/collaboration with users external to NC State
  • NC State-hosted VoIP/Zoom conference is not available for sharing secured data 
  • SURE must be accessed from a NC State owned/managed information system
  • Once data is transmitted to a third party (sponsor, subcontractor, vendor, etc), the data is out of SURE’s scope. Project team is responsible for identifying eligibility of recipient

(*Printing and external device needs must be coordinated with the ECO & OIT)

If you believe you have a project that will require SURE but don’t see your computational needs addressed in the current configuration, please submit a SURE Capabilities Request. 

Back to Top