Use of Controlled Unclassified Information in Research Projects

Purpose

To protect the research enterprise, establish institutional oversight, and comply with federal laws and regulations pertaining to the management of Controlled Unclassified Information (CUI).

Scope

This policy applies to members of the campus community (including faculty, academic staff, civil service staff, students, postdoctoral appointees, visiting scholars, and visiting scientists) who receive, store, or otherwise manage CUI as part of their research activities.

This policy applies to research projects in which any or all of the following conditions apply:

(1) data or information is marked by the federal government as “Controlled Unclassified Information”

(2) data or information management requirements include adherence to NIST 800-171 standards (see NIST Special Publication 800-171) or the Cybersecurity Maturity Model Certification (CMMC)

(3) the grant or contract includes terms and conditions that require adherence to NIST 800-171 standards (see NIST Special Publication 800-171) or the Cybersecurity Maturity Model Certification (CMMC)

Authority

Office of the Chief Information Officer and Office of the Vice Chancellor for Research and Innovation

Policy

All members of the campus community who have a role in receiving, storing, or otherwise processing CUI for research purposes must:

  1. be trained and designated as authorized holders
  2. use a campus-approved environment to receive, store, and process CUI
  3. comply with applicable procedures and guidance as described below

Definitions

Controlled Unclassified Information: Data or information used in a research project that are subject to federal regulatory requirements for CUI (32 CFR Part 2002, Controlled Unclassified Information; also see NIST Special Publication 800-171 and Cybersecurity Maturity Model Certification (CMMC)).

Principal Investigator: An individual vested by the university with the primary responsibility to independently design, conduct, and supervise sponsored projects awarded to the university; see CAM Policy RP-06, “Eligibility to Serve as Principal Investigator of an Externally-Sponsored Activity”. 

System Security Plan: A system security plan is a document that describes security requirements for an information system and the security controls to meet those requirements consistent with NIST 800-171 Revision 2 or Revision 3 standards or Cybersecurity Maturity Model Certification (CMMC) requirements as applicable.

Procedures/Guidelines

The Regulated Research Data Compliance Program documentation is available at https://go.illinois.edu/RegulatedResearchDataProgram.

Exceptions

The Vice Chancellor for Research and Innovation and the Chief Information Officer may jointly approve exceptions to this policy.

If campus-approved environments are not suitable for a particular research project, the Principal Investigator (PI) may request approval to store or manage CUI on a system for which the PI has an approved System Security Plan consistent with NIST 800-171 standards or CMMC requirements as applicable.

Contacts

Office of the Chief Information Officer, securitysupport@illinois.edu
Office of the Vice Chancellor for Research and Innovation, ovcri@illinois.edu

Campus Administrative Manual
Email: campusadminman@illinois.edu