Controlled Unclassified Information (CUI) is a category of unclassified data that federal agencies create or possess, or that a non-federal entity (e.g. WUSTL) receives, possesses, or creates for, or on behalf of, the federal government, which is required by a law, regulation, or government-wide policy to have safeguarding or dissemination controls.

The federal government has introduced heightened security standards for university systems which house or transmit sensitive information known as Controlled Unclassified Information (CUI), set forth by the National Institutes of Standards and Technology (NIST).

If you plan to respond to a federal government RFP or RFI and anticipate that CUI may be involved, then you must have adequate cybersecurity measures in place to accept the contract. CUI may include research data and other project information that a research team receives, possesses, or creates during the performance of a contract funded by the federal government.

RIS can assist you with an initial assessment and provide cost estimates for the technology needs that will be required for compliance.

The assessment and cost estimates for technology needs may include:

  • Communication Requirements – secure O365 accounts
  • Data Storage and Compute requirements– Azure VM in a secure enclave
  • Hardware requirements – security and software constraints
  • Data Transfer requirements
  • Instrumentation – bringing lab equipment into the enclave
  • Physical Security
  • CUI Training
  •  Background Checks

Please visit the Office of Information Security and The Office for the Vice Chancellor for Research for additional information, or assistance in determining if your RFP/RFI involves CUI.