To operate in a regulated world, researchers need to ensure compliance with an ever-evolving landscape of information security regulations and best practices. This work explains the concept of Controlled Unclassified Information (CUI) and the challenges it brings to research institutions. A survey of user perceptions showed that most researchers and IT administrators lack a good understanding of CUI and how it relates to other regulations, such as HIPAA, ITAR, GLBA, and FERPA. A managed research ecosystem is introduced in this work. The workflow of this efficient and cost-effective framework is elaborated to demonstrate how controlled research data are processed to be compliant with one of the highest levels of cybersecurity in a campus environment. Issues beyond the framework itself are also discussed. The framework serves as a reference model for other institutions to support CUI research. The awareness and training program developed from this work will be shared with other institutions to build a bigger CUI ecosystem.