Cybersecurity & CUI
What is CUI?
CUI was defined in Executive Order 13556 as information held by or generated for the Federal Government that requires safeguarding or dissemination controls. Research data and other project information that a research team receives, possesses, or creates during the performance of federally funded research may be CUI. The obligation to determine whether or not an award will involve CUI belongs to the federal sponsor; award documents should specifically identify CUI and applicable security requirements.
Resources & Education
- OIT Research Cybersecurity Program
- Management of CUI
- CU Boulder Controlled Unclassified Information (CUI) SkillSoft Course
- National Archives CUI Training Modules
- CDSE DoD Mandatory Controlled Unclassified Information (CUI) Training
- CDSE Controlled Unclassified Information Toolkit
Contact CU Boulder's Research Cybersecurity Program (itso-sec-review@colorado.edu) for support.
What is CMMC?
CMMC is a unified assessment model created by DOD in response to the growing threat of cyberattacks and data theft from the defense contractors. CMMC is designed to ensure that DOD contractors and subcontractors adequately safeguard two categories of sensitive government information: Controlled Unclassified Information (CUI) and Federal Contract Information (FCI).
While DOD contractors have already been subject to information security requirements in DFARS and FAR clauses, CMMC builds on these existing requirements by requiring all DOD contractors and subcontractors who handle CUI and FCI during contract performance to certify compliance with security controls via mandatory self-assessments, third-party assessment, and affirmations of compliance.
Resources & Education
- CU Research Integrity & Security (RSI) CMMC Webpage
- OIT Research Cybersecurity Program
- Secure Research Computing Services: The Preserve
- Cybersecurity Maturity Model Certification (CMMC) Program Final Rule
- Federal Information about CMMC
Contact CU Boulder's Research Cybersecurity Program (itso-sec-review@colorado.edu) for support.
University of Colorado Office of Information Security (OIS)
The OIS offers many services to help ensure the privacy and proper handling of university information assets. The following are provided in support of the university’s academic mission and the strategic vision of each campus.
- Security Posture Assessment
- Compliance Support
- Security Consulting and Review
- Awareness and Training
- Security Monitoring/Response
- Investigation Support
- Technology Solutions
- Policy and Governance
Resources & Education
Contact CU Office of Information Security (security@colorado.edu) for support.
All CU community members have a stake in reducing cybersecurity risks that could impact the university’s financial, reputational, and legal standing. The mission of OIS is to provide you relevant and attainable guidance that will keep sensitive university information private and secure.
Resources & Education
Contact CU Office of Information Security (security@colorado.edu) for support.
Center for the Development of Security Excellence (CDSE)
The Center for the Development of Security Excellence (CDSE) offers several resources and trainings focused on topics related to Information Security and Cybersecurity, including:
Our 12 research institutes conduct more than half of
the sponsored research at CU Boulder.
More than 75 research centers span the campus,
covering a broad range of topics.