What is Controlled Unclassified Information (CUI): Government created or owned UNCLASSIFIED information that by law, regulation, or Government-wide policy must be safeguarded from unauthorized disclosure.

See Executive Order 13556

CUI Requires Strict Safeguarding and Dissemination Control

As required by the federal government, CUI can only be stored and processed on IT systems that have been risk assessed to comply with NIST SP 800-171 standards. Therefore, UVM Investigators who will engage in a sponsored project that will require the use of CUI can only do so within an approved CUI environment.

CUI environments must be approved by UVM’s Chief Information Security Officer, Scott Carbee.

Investigators, should not engage, accept, or receive CUI for any reason or purpose until an appropriate Information Security Plan (ISP) is in place and approved by the UVM Chief Information Security Officer.

Sponsored Project Administration and CUI Projects

Where SPA identifies a CUI Project, SPA will connect the Principal Investigator to the UVM Chief Information Security Officer who will then work with the research team to develop an appropriate Information Security Plan (ISP), which safeguards the CUI and controls unauthorized dissemination.

For any reason a SPA project is not initially identified as using CUI in the work, it is the responsibility of the Investigator to initiate an Information Security Plan by contacting our Research Compliance Officer, Victoria Jones and our Chief Information Security Officer, Scott Carbee.

For more detail see:

Updated 11/10/23

Contact Research Integrity

Compliance  Helpline 800-461-9330

 

UVMClick

UVMClick, our electronic portal where investigators and staff connect to accomplish the business of research administration and compliance.