U.S. Government Controlled Unclassified Information (CUI)
Federal agencies are codifying how their contractors must treat certain types of government data, notably Controlled Unclassified Information (CUI). CUI is information that requires safeguarding or dissemination controls pursuant to and consistent with applicable law, regulations and governmentwide policies. While some classified data is excluded, there are 23 categories and 84 subcategories of data considered CUI by the government. These categories include information types such as:
- Controlled Technical Information (see below)
- Critical Infrastructure
- Emergency Management
- Export Control, Financial, Immigration
- Law Enforcement
- Procurement and Acquisition
- Proprietary Business Information
If NC State processes, stores or transmits CUI, some agencies require that we protect that information consistent with the National Institutes of Standards and Technology (NIST) Special Publication 800-171. NIST 800-171 outlines specific controls that must be met while handling CUI. These controls apply to some research being conducted at NC State and are continuously capturing more projects as our research portfolio grows and federal agencies increasingly adopt heightened security frameworks.
DoD Controlled Technical Information (CTI)
The Department of Defense (DoD) contractually identifies Controlled Technical Information through the inclusion of DFARS 202.204-7000.
Do you do research with DOD Controlled Technical Information?