US Government Controlled Unclassified Information (CUI), DOD Controlled Technical Information (CTI) and Data Use Agreements
Data security has become an essential requirement for research today. Federal and private sponsors need assurance that research data and related intellectual property are adequately protected. SPARCS and OIT are committed to providing solutions to meet requirements for protecting research data and information in compliance with its Federal or contractual obligations.Do you do research with DOD Controlled Technical Information (CTI)? (Unity ID required)
Federal agencies are codifying how their contractors must treat certain types of government data, notably Controlled Unclassified Information or CUI. CUI is information that requires safeguarding or dissemination controls pursuant to and consistent with applicable law, regulations, and government-wide policies. While some classified data is excluded, there are 23 categories and 84 subcategories of data considered CUI by the government. These categories include types of information such as:
- Controlled Technical Information (CTI);
- Critical Infrastructure;
- Emergency Management;
- Export Control, Financial, Immigration;
- Law Enforcement;
- Procurement and Acquisition;
- Proprietary Business Information;
If NC State processes, stores, or transmits CUI, some agencies require that we protect that information consistent with The National Institutes of Standards and Technology (NIST) Special Publication 800-171 (NIST 800-171). NIST 800-171 outlines specific controls that must be met while handling CUI. These controls apply to some research being conducted at NC State and is continuously capturing more projects as our research portfolio grows and as Federal agencies increasingly adopt these heightened security frameworks.
The Department of Defense (DoD) contractually identifies Controlled Technical Information through the inclusion of DFARS 202.204-7000.