The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

CICI: RDP: Supporting Controlled Unclassified Information with a Campus Awareness and Risk Management Framework

Research Areas: Policy, Law and Management

Principal Investigator: Baijian Yang

Protecting Controlled Unclassified Information (CUI) is mandated by the executive order 13356, and today is required for research in sectors such as defense and aerospace. Regulatory requirements for research will increase, with CUI regulations covering categories including Agriculture, Financial, Legal Records, and Business information. When combined with existing regulations already seen by universities, such as HIPAA, and the European Union's GDPR, a well-defined and consistent framework for working with regulated data is critical for institutions of higher education. This project describes a cost-effective ecosystem (REED+) to manage regulated data that meets the compliance requirements found in a campus environment. The REED+ framework integrates NIST SP 800-171 and other related NIST publications as the foundation of the framework. This framework serves as a standard for campus IT to align with security regulations and best practices, and create a single process for intake, contracting, and facilitate easy mapping of controlled research to CI resources for the sponsored programs office, human subjects office, and export control office. The framework allows researchers to experience faster intake of new funded projects and be more competitive for research dollars. Using student-developed training materials and instruction, researchers, administrators, and campus IT are now able to more clearly understand previously complicated data security regulations affecting research projects. The ecosystem developed from this project enables new partnerships with government agencies, and industry partners from the defense, aerospace, and life science sectors. Experiences and best practices in providing cyberinfrastructure and security awareness developed from this collaboration are documented and shared with the broader CI and campus community through conferences, journals and workshop.

Personnel

Other PIs: Preston M Smith, Carolyn Ellis