• The University of Texas at San Antonio
  • myUTSA
    • ASAP
    • Blackboard
    • Staff Webmail
    • Libraries
  • Info For
    • Students
    • Faculty
    • Staff
    • Parents
    • Visitors
  • Maps
    • Main
    • Downtown
    • Hemisfair Park
  • Directory
  • Calendar
  • About UTSA
  • facilitating growth, enabling productivity, pursuing excellence
  • Home
  • About UTSA Research
  • For Researchers
  • For Partners
  • For Students
  • Research News
  • Contact Us

Safeguarding Controlled Unclassified Information (CUI)

General Information

In addition to classified information, certain types of unclassified information also require application of access and distribution controls and protective measures for a variety of reasons. University activities (e.g. sponsored research projects, non-disclosure agreements, proprietary information agreements) may include receiving, generating or using controlled unclassified information. Access to CUI is usually restricted to Non-U.S. persons, unless the sponsor has agreed to grant access to a Non-U.S. person under a fully executed non-disclosure agreement (NDA).

The Office of Research Integrity collaborates with UT System Facility Security Officer/Security Manager to ensure there is a common approach to national security issues common to export controlled and classified programs. ORI is responsible for helping UTSA faculty and staff with the security measures necessary to safeguard controlled unclassified information (CUI) to include export-controlled, for official use only (FOUO) and sensitive but unclassified information (SUI).

The UTSA Office of Information Security (OIS) and the UTSA Office of Information Technology (OIT) are responsible for administering programs that create a reliable and secure university computing environment. The Information Security Officer (ISO) and the Information Security Administrator provide assistance with the implementation and administration of information security initiatives and Data Owner’s security needs. Please contact the ISO at (210) 458-7974 for additional information.

UTSA faculty and staff are responsible for:

  • obtaining sponsoring organization’s guidance concerning access to CUI or Classified Information;
  • determining who will have access to CUI;
  • contacting ORI, OIS and OIT if a protection/security plan (e.g. technology control plan) is required to control access to and dissemination of CUI.

UTSA does not allow classified research or storage or use of classified data at any of its campuses. ORI can assist with security clearances applications for UTSA personnel who seek access to classified material housed elsewhere or to conduct classified research elsewhere as part of a sponsored research project. Use of classified information is restricted to those areas that adhere to the requirements identified in the National Industrial Security Program Operating Manual (NISPOM) or the DD 254 Form, DoD Contract Security Classification Specification, issued by the sponsoring agency.

Definitions

Controlled technical information is defined in the DFARS 252.204-7012 as technical information with military or space application that is subject to controls on the access, use, reproduction, modification, performance, display, release, disclosure, or dissemination. Controlled technical information would meet the criteria, if disseminated, for distribution statements B through F using the criteria set forth in DoD Instruction 5230.24, Distribution Statements on Technical Documents. The term does not include information that is lawfully publicly available without restrictions.

Controlled Unclassified Information (CUI) is information that laws, regulations, or Government-wide policies require to have safeguarding or dissemination controls, excluding classified information. For CUI Categories and Subcategories please go to CUI Registry General Guidelines site.

“Covered defense information” is unclassified controlled technical information or other information, as described in the Controlled Unclassified Information (CUI) Registry, that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Governmentwide policies, and is—

  • Marked or otherwise identified in the contract, task order, or delivery order and provided to the contractor by or on behalf of DoD in support of the performance of the contract; or
  • Collected, developed, received, transmitted, used, or stored by or on behalf of the contractor in support of the performance of the contract.

Regulations

The Department of Defense (DOD) issued a final rule on November 18,2013, amending the Defense Federal Acquisition Regulation Supplement (DFARS) to add a new subpart and contract clause (DFARS 252.204-7012) associated with safeguarding unclassified controlled technical information. The new rule requires that contractors with “controlled technical information” resident on or passing through their information systems use a minimum set of protective measures and security controls to safeguard the data.

The National Institute of Standards and Technology (NIST) also published on June 19, 2015, the final version of guidance for federal agencies NIST Special Publication 800-171:Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations (PDF) to ensure sensitive information remains confidential when stored outside of federal systems. The guidelines apply to nonfederal information systems and organizations that process, store, or transmit federal controlled unclassified information.

General Guidelines and Forms

filetype-pdf Military Critical Technical Agreement (DD 2345 Form): ORI maintains an approved Military Critical Technical Agreement (DD 2345 Form ) with the Assistant Facility Security Officer. Please contact the AFSO prior to attending a meeting/conference where unclassified technical data will be disclosed. ORI strongly recommend to have the meeting/conference organizers mail the unclassified technical data to ORI, if possible. If you are planning to bring CUI back with you to UTSA, please contact the AFSO at (210) 458-4233 for guidance.
filetype-pdf Contract Security Classification Specification (DD 254 Form): The Federal Acquisition Regulation (FAR) requires that a DD 254 Form be incorporated in each classified contract. The DD 254 Form provides to the contractor (or a subcontractor) the security requirements and the classification guidance that would be necessary to perform on a classified contract.  UTSA personnel are also required to contact the Office of Contracts & Industry Agreements ((210) 458-8575) for a government-sponsored contract that will include this form.

Contact Staff

Robert Mitchell
Research Security Manager
(210) 458-4233
Location: GSR 2.130CC
Robert.Mitchell@utsa.edu
Research Portal
Funding Opportunities
Funding Process
Research Service Center Directory
Proposal Development
Proposal Development Services
Proposal Development Resources
Relation to Research Service Centers
Request for Assistance
Contact
Limited Submissions
Opportunities
Application Form Login
Contact Info
Seed Grants
Early Career Faculty
Targeted Scholarly Awards
Research Service Center Directory
CAYUSE Proposal Submission
Training & Development Opportunities
Workshops & Professional Development Opportunities
Research Integrity Classes
Forms, Policies & Guidelines
Forms
Policies
Guidelines
Procedures
Institutional Guidelines & Policies
Financial Management Tools for Sponsored Projects
Sponsored Projects Payroll Confirmation Reporting
Payroll Confirmation Application
COI Disclosure
Human Subject Research (IRB)
Institutional Animal Care and Use Program (IACUC)
Postdoctoral Support
Commercialization & Tech Transfer
Disclose a Technology
News & Success Stories
Find a Technology
Intellectual Property Process
Royalty Sharing
Maintaining Research Notebooks
Entrepreneurship & Training
Incubation
Funding POCs and Start-Ups
UTSA COVID-19 Technology Licensing Guidelines
Contracts & Industry Agreements
The Contract Process
Standard Contracts & Agreements Overview and Templates
Contract Continuum
Contracts Training Presentations
International Collaborations
Research Integrity Guidelines
Conflict of Interest in Research & Intellectual Property (COI)
COI Training
Training Login
Guest Account Registration for Non-UTSA Staff
Committee
COI FAQs
Responsible Conduct of Research (RCR)
RCR Definitions
RCR Regulations and Guidelines
Data Ownership
UTSA Policy on Data Ownership & Retention
Guidance for Faculty Separating
Research Misconduct
Laboratory Safety Division and Compliance
Laboratory Safety Services and Tools
Training Requirements and Resources
Biosafety
Institutional Biosafety Committee (IBC)
Chemical Safety
Chemical Safety Committee
Radiation and Laser Safety
Radiation and Laser Safety Committee
Laboratory Safety Advisory Committee
Safety Excellence Program
Near Misses
Laboratory Animal Resources Center (LARC)
Training
Resources for Research Staff and Students
Requesting Facilities and Visitor Access
AAALAC Accreditation
References and Links
Report Concerns
UTSA Links
Export Control
Export Control Definitions
Export Control Countries of Concern
Export Control Objectionable Clauses
Training & Development
Visiting Scholars & Visiting Researchers
Research Resources
  • data sheet quick link icon Institutional Data Sheet
Office of the Vice President for Research, Economic Development and Knowledge Enterprise
  • Home
  • Sitemap
  • Contact
  • facebook icon
  • twitter icon
  • youtube icon
to top icon
UTSA
  • Sitemap
  • Campus Maps
  • Jobs
  • Campus Alerts
  • Policies
  • Open Records
  • Report Fraud
  • Required Links
  • Identity
  • UT System
  • Contact Us

© The University of Texas at San Antonio | One UTSA Circle, San Antonio TX 78249 | Information: 210-458-4011 | UTSA Police: 210-458-4242