Protecting research and researchers
The University of Kansas is actively responding to concerns from federal agencies and sponsors regarding foreign influence in academic research. This influence may range from conflicting commitments of researchers to foreign entities to the misappropriation of research results and intellectual property. While the KU values and encourages international collaborations that promote openness in research and scholarship, we must comply with U.S. laws and agency regulations that govern how we manage and report international engagements. Understanding the regulatory environment, the risks, and importance of transparency is an individual responsibility as well as an organizational commitment.
GOS can assist you in complying with the various laws and regulations pertaining to the research enterprises at the University of Kansas Two key areas of protection involve export-controlled technology and projects involving Controlled Unclassified Information (CUI).
GOS works closely with faculty, staff, or students to identify sensitive information and how best to comply with government laws and regulations. GOS can provide training to faculty, staff, and students concerning regulatory requirements and security processes and procedures.
Research IP FAQ
GOS can assist you with identifying and training research teams concerning Controlled Unclassified Information (CUI).
Controlled Unclassified Information is information that requires safeguarding or dissemination controls pursuant to and consistent with applicable law, regulations, and government-wide policies but is not classified under Executive Order 13526 or the Atomic Energy Act, as amended.
Executive Order 13556 “Controlled Unclassified Information” (the Order), establishes a program for managing CUI across the Executive branch and designates the National Archives and Records Administration (NARA) as Executive Agent to implement the Order and oversee agency actions to ensure compliance. The Archivist of the United States delegated these responsibilities to the Information Security Oversight Office (ISOO).
32 CFR Part 2002 “Controlled Unclassified Information” was issued by ISOO to establish policy for agencies on designating, safeguarding, disseminating, marking, decontrolling, and disposing of CUI, self-inspection and oversight requirements, and other facets of the Program. The rule affects Federal executive branch agencies that handle CUI and all organizations (sources) that handle, possess, use, share, or receive CUI—or which operate, use, or have access to Federal information and information systems on behalf of an agency.
Proprietary research that is not funded by the federal government, even though it is subject to the U.S. export control regulations, is not CUI. Projects involving controlled information that is not CUI, may certainly be handled with the same safeguarding standards but should not be marked as CUI. Non-contextualized Controlled Research Data – such data generated under a project with CUI safeguarding requirements is still controlled and should be handled in accordance with the relevant TCP, but it is not CUI. PIs and researchers should refer to the relevant TCP for safeguarding requirements. Information that is otherwise in the public domain.
- Code of Federal Regulations (CFR) Part 2002, Controlled Unclassified Information Program
- Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting.
- DFARS 252.204-7020, NIST SP 800-171 DoD Assessment Requirements
- National Institute of Standards and Technology (NIST) Special Publication (SP) Rev. 2
- DFARS 252.204-7021, Cybersecurity Maturity Model Certification (CMMC) Requirements
A Technology Control Plan (TCP) helps ensure that controlled materials will not be accessed by unauthorized persons. The need for a plan occurs whenever Controlled Unclassified Information (CUI), ITAR, CCL or other controlled items or data are present on campus. The most common use of a TCP is to identify controlled materials or data and describe how these items will be secured on campus. It includes plans for storage, processing, transmission of the information or items and procedures for guarding against unauthorized access by individuals or entities.
There is a cost to protecting controlled materials so please keep this in mind when preparing a budget for a grant application or contract. GOS can assist you with developing potential equipment or devices to properly store, process, and transmit information or materials. Be sure your project sponsor is aware of the need for additional security measures related to the project. If you are awarded a contract or grant and did not budget for the necessary security costs, funds will need to be identified from other sources to cover these required expenses.