(Including US Government Controlled Unclassified Information (CUI), DOD Controlled Technical Information (CTI) and Data Use Agreements)
Data security has become an essential requirement for research today. Federal and private sponsors need assurance that research data and related intellectual property are adequately protected. SPARCS and OIT are committed to providing solutions to meet requirements for protecting research data and information in compliance with its Federal or contractual obligations.Do you do research with DOD Controlled Technical Information (CTI)? (Unity ID required)
Federal agencies are codifying how their contractors must treat certain types of government data, notably Controlled Unclassified Information or CUI. CUI is information that requires safeguarding or dissemination controls pursuant to and consistent with applicable law, regulations, and government-wide policies. While some classified data is excluded, there are 23 categories and 84 subcategories of data considered CUI by the government. These categories include types of information such as:
- Controlled Technical Information (CTI);
- Critical Infrastructure;
- Emergency Management;
- Export Control, Financial, Immigration;
- Law Enforcement;
- Procurement and Acquisition;
- Proprietary Business Information;
If NC State processes, stores, or transmits CUI, some agencies require that we protect that information consistent with The National Institutes of Standards and Technology (NIST) Special Publication 800-171 (NIST 800-171). NIST 800-171 outlines specific controls which must be met while handling CUI. These controls apply to some research being conducted at NC State and is continuously capturing more projects as our research portfolio grows and as Federal agencies increasingly adopt these heightened security frameworks.
For a more detailed overview of NIST 800-171 and its implication on institutions of Higher Education, please visit https://library.educause.edu/~/media/files/library/2016/4/nist800.pdf
The first Federal agency to fully implement these requirements is the Department of Defense (DoD). It’s expected other agencies will follow within two years.