CUI

What happens if a project is CUI?

Once a project is determined to be CUI it is managed under a security plan. The University of Arizona Export Control office worked closely with the IT-CUI team to develop “The Plan,” a joint Technology Control Plan and System Security Plan. This plan outlines the security measures researchers and staff must follow in order to protect the CUI data.

What if the 252-204.7000 and/or the 252.204.7012 are in the contract but we think our work is fundamental in nature?

If both the 7000 and 7012 clauses are in an agreement we can go back to the prime contracting officer and ask if the University of Arizona’s portion on the work is fundamental in nature. If we receive confirmation in writing from the prime contracting officer that the university’s work in fundamental it nullifies the CUI clauses.

How do we identify CUI? 

The University of Arizona’s Export Control team works closely with the Contracting Office to identify contracts with NIST requirements or clauses with publication restrictions (e.g., DFARS 252.204-7012 and 252.204-7000). Export Control is also alerted when there are similar safeguards/restriction clauses in contracts that are not sponsored by Department of Defense (NASA contracts often have similar clauses). 

Subscribe to RSS - CUI