Export Controls CoP expands to address CUI

tablet with compliance wordcloudA new Community of Practice (CoP) group has been established to address the challenges U-M programs, faculty, students, and employees may face with the federal government’s Controlled Unclassified Information (CUI) program. The new U-M CUI CoP has evolved from the Export Controls CoP, which now falls under the umbrella of the CUI CoP.

U-M, like all research universities, must comply with an array of federal laws, regulations, and executive orders that mandate stringent security requirements intended to protect confidential, sensitive, or regulated information. An emerging and important piece to U-M’s responsibility to protect this type of data is the federal CUI program.

The CUI program was established by Executive Order as a means to implement a uniform set of information security controls that will secure sensitive information obtained, held, or created by federal executive agencies. While CUI security requirements do not apply directly to non-federal entities, the security requirements can flow down to U-M when researchers and other University entities are given access to CUI by federal agencies, or create CUI on behalf of federal agencies, under the terms of a contract, grant, or other agreement.

The CUI program applies to a wide range of information categories, including export-controlled research, that U-M researchers and others may encounter (you can explore the full CUI Categories List at the National Archives web site). Accordingly, the CUI CoP will meet four times a year to discuss relevant changes in policy, assist the community with problem solving, and ensure that those who handle CUI have the tools they need.

The CUI CoP is open to anyone interested in learning more about CUI and the mailing list can be used at any time by anyone who needs more information or help with a CUI problem. You can also learn more about the U-M CUI oversight program by going to U-M’s External Funding and Information Security Requirements and Controlled Unclassified Information (CUI) web sites. The CUI page of Safe Computing’s Sensitive Data Guide also has additional information.

The inaugural meeting of the CUI CoP will be August 2, 2018, 3–4 p.m. at the NCRC Building 510 Room 1122 (map). Join the Community of Practice for Controlled Unclassified Information MCommunity group.