Controlled Unclassified Information (CUI)

Overview

In an effort to streamline the management of sensitive information, 32 CFR Part 2002 established a process for management of unclassified information that is to be protected from public disclosure. Any project at the ��Ƶ18 that incorporates the responsibility for managing Controlled Unclassified Information (CUI) must take the appropriate measures to protect the sensitive information.

CU Boulder’s in is empowered to review each program for CUI compliance and work with faculty and staff to ensure that the appropriate steps are taken.

Impact on Sponsored Projects

For sponsored project activities that incorporate CUI by reference (or through NIST 800-171r1 or DFARS 252.204-7012), IT Security will need to conduct an additional review prior to award acceptance.

Review Process

Once IT Security is notified of an agreement that may include the requirement to manage CUI, they will contact the Primary Investigator (PI) or assigned representative to initiate the cybersecurity review. They will work in conjunction with the PI or assigned representative to identify and plan to implement the necessary security controls. Once the review has been conducted, the Office of Contracts and Grants (OCG) will be notified by IT Security whether the computing environment that is supporting the project will be compliant. At that point, OCG will finalize the review of the contract.

What Steps Do I Take?

Proposal Stage:

Notify your department's OCG Proposal Analyst

Award Stage:

If you received a notification that the award is subject to CUI, notify your department's OCG Contract Officer

������Ƶ18

Search

Other ways to search: