Government Classified and Controlled Unclassified Information



Other Available Resources for Data and Research

Stony Brook University, Division of Information Technology (DoIT) - institutional policies regarding information and data.

Data Management Plan Tool to assist researchers in creating data management plans (DoIT)

Controlled Unclassified Information (CUI)

Excerpts of this page are from the National Archives

What is Controlled Unclassified Information (CUI)?

CUI is sensitive information that requires safeguarding or dissemination controls pursuant to and consistent with applicable law, regulations, and government-wide policies but is not classified under Executive Order 13526 or the Atomic Energy Act, as amended. 

Examples include (but are not limited to) health documents, proprietary material, export controlled information, or any other information that the government may mark as "for official use only" or "confidential".

What are the federal regulations for CUI?

Executive Order 13556 "Controlled Unclassified Information" (the Order), establishes a program for managing CUI across the Executive branch and designates the National Archives and Records Administration (NARA) as Executive Agent to implement the Order and oversee agency actions to ensure compliance. The Archivist of the United States delegated these responsibilities to the Information Security Oversight Office (ISOO).

32 CFR Part 2002 "Controlled Unclassified Information" was issued by ISOO to establish policy for agencies on designating, safeguarding, disseminating, marking, decontrolling, and disposing of CUI, self-inspection and oversight requirements, and other facets of the Program. The rule affects Federal executive branch agencies that handle CUI and all organizations (sources) that handle, possess, use, share, or receive CUI—or which operate, use, or have access to Federal information and information systems on behalf of an agency.

How could a researcher receive CUI?

A researcher may receive CUI from the federal government or a federal government prime contractor when conducting CONTRACT work for the federal government. 

The Department of Defense has enacted specific guidelines for the protection of CUI. Other federal agencies are expected to follow the Department of Defense in adopting federal acquisition clauses specific to the protection of CUI.

Department of Defense (DoD)

When CUI may be shared with the awardee, a DoD contract or subcontract would include DFARS Clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting.

What is required to comply with DFARS Clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting?

The clause requires that the researcher and the university meet specific National Institute of Standards and Technology (NIST) standards (NIST 800-171 Rev 1) to safeguard CUI.

Are Stony Brook University systems compliant with the NIST 800-171 Rev 1 standards?

Our institution’s internal network is not currently compliant with this requirement. Any potential projects would need to be fully reviewed, and additional costs may need to be included in applications.

What does a researcher need to do if they want to apply for DoD contracts or subcontracts?

Applications for contracts and subcontracts and any agreements which contain (or could potentially contain) DFARS Clause 252.204-7012 require a detailed review by the Office of Sponsored Programs in close collaboration with the Export Control and Privacy Officers.

Classified Information

Excerpts of this page are from the National Archives

What is Classified Information?

Classified national security information is information created or received by an agency of the federal government or a government contractor that would damage national security if improperly released. The President of the U.S. manages the system of classifying information by executive order (E.O.); the most recent order concerning classified national security information is E.O. 13526, signed by President Obama on December 29, 2009.

How is Information Determined to be Classified?

Information can only be classified if an official determination is made that its unauthorized release would damage the national security. Levels of classification correspond to levels of supposed damage. E.O. 13526 specifies that information whose release would cause “exceptionally grave damage to the national security” is classified TOP SECRET; information whose release would cause “serious damage” is classified SECRET; CONFIDENTIAL is the lowest category of classified information currently in use. RESTRICTED is an obsolete category that was discontinued in 1953.

Is All Classified Information in Writing?

Classified information may take any form. Though paper documents are most common, there are classified photographs, maps, motion pictures, videotapes, databases, microfilms, hard drives, CDs, etc. Regardless of medium, classified information requires protection until it is formally declassified.

How could a researcher receive Classified Information?

A researcher may receive Classified Information from the federal government or a federal government prime contractor when conducting CONTRACT work for the federal government or when conducting work at a government or federal government prime contractor facility. Clearance (from the federal government) is required to receive classified information (E.O. 13526, Part 4 - Safeguarding).

Technology Control Plan Required - Bringing Classified Information to Campus

Classified Information requires a technology control plan through the Office of Research Compliance to ensure compliance with federal regulations.

      

Susan Gasparo
Assistant Director, Research Compliance Export Compliance Officer
Phone: 631-632-1954