CUI – What is it?

Researchers working in a lab with Controlled Unclassified Information image

Controlled Unclassified Information (CUI) is a category of unclassified data that federal agencies create or possess, or that a non-federal entity (e.g. WUSTL) receives, possesses, or creates for, or on behalf of, the federal government, which is required by a law, regulation, or government-wide policy to have safeguarding or dissemination controls.

CUI may include research data and other project information that a research team receives, possesses, or creates during the performance of a contract funded by the federal government.

CUI is defined and described in the Code of Federal Regulations (CFR) at 32 CFR Park 2002. CUI includes a broad spectrum of information types, many of which are relevant to research conducted on campus. A full list of information types (categories and subcategories) is available at the CUI Registry of the National Archives.

If you plan to respond to a federal government RFP or RFI and anticipate that CUI may be involved then you must have adequate cybersecurity measures in place to accept said contract. Please contact the Joint Research Office for Contracts (JROC) to determine if the RFP/RFI will be subject to security requirements.

Back to CMMC at WUSTL and Security of Controlled Unclassified Information (CUI) in Sponsored Research