Policy Alert – Controlled Unclassified Information (CUI)

This new policy shares important updates on how to properly handle this type of information.

What is CUI?

Federal agencies routinely create, store, share, and use information that, while not classified, requires some level of protection from unauthorized access and disclosure. CUI is a category of unclassified federal data that is created or possessed by the government or an entity (i.e., UCF) on behalf of the government.

Does the CUI Policy apply to me?

Our Controlled Unclassified Information Policy (4-217) applies to all members of the university community who handle and protect CUI on UCF’s behalf.

What if I’m not sure if I access CUI in my job?

Please check with your manager or otherwise contact the Office of Cyber Risk Management by email at ResearchOCRM@ucf.edu if you’re uncertain about accessing CUI in your role.

What’s the CUI policy all about?

Here are some key takeaways:

  1. UCF typically encounters CUI through sponsored research or other university activities involving a federal agency.
  2. The Office of Cyber Risk Management (OCRM) oversees cybersecurity compliance, recordkeeping, and implementation of the business processes and accountability to safeguard CUI.
  3. Knight Shield is UCF’s secure enclave, which meets federal CUI security requirements and is designed to electronically store, process, or transmit CUI for sponsored research agreements.
  4. CUI documents must be properly marked, stored, accessed, disseminated, safeguarded, decontrolled, and destroyed in accordance with laws, regulations, and standards.
  5. Failing to comply with federal CUI regulations may result in contractual, financial, and legal penalties to UCF and the individual(s) involved.
  6. Immediately report confirmed or suspected data security incidents involving CUI to the Security Incident Response Team by email at sirt@ucf.edu.
  7. Contact the Office of Cyber Risk Management by email at ResearchOCRM@ucf.edu for questions regarding the handling of CUI.

The policy contains several helpful links to related information. Please read the full Controlled Unclassified Information Policy (4-217) for additional requirements and related procedures.