The University of Michigan has been working on a effort to ensure that the university is compliant with the new regulations concerning the use of Controlled Unclassified Information (CUI). The next step is to develop a CUI public cloud strategy and proof of concept in AWS. That is where the ITS Cloud Infrastructure Transformation Program (CITP) technical team comes in. The team will map out the technical requirements including architecture, roles, and responsibilities as well as IT security controls to assist with this effort.
But what is CUI?
In an effort to better protect federal information, the U.S. government continues to expand and refine laws and regulations that create expectations and requirements for how certain types of federal data are to be secured. These include laws and regulations that carry over to non-governmental entities, like universities. One of the most recent laws that affect universities, including U-M, has to do with Controlled Unclassified Information (CUI). CUI is information from U.S. federal agencies that non-federal agencies may access using specific security controls.
What has U-M already done to ensure that our researchers can comply with this new regulation?
Representatives from the University of Michigan Office of Research (UMOR), Michigan Medicine Compliance, Office of General Counsel (OGC), and ITS Information Assurance partnered to develop a compliance program to support the university CUI compliance through delivery of a policy, process, security templates, and training. Working with Advanced Research Computing-Technology Services (ARC-TS) and Sera-Brynn Consulting, the Yottabyte Research Cloud was brought into CUI Compliance. U-M has also established a CUI Program Governance Committee, and has set up a CUI webpage on Research Ethics and Compliance, as well as training that is now available for registration on My LINC. This work was completed in June, 2018.
Stay tuned for updates on this important project!