Security & Research Information Assurance

Security management and planning is the identification of an organization's assets (including people, buildings, machines, systems and information assets), followed by the development, documentation, and implementation of policies and procedures for protecting these assets.

Understanding key export and security concepts will assist in securing intellectual property, resources, information, technology, and individuals on our campuses while protecting national security and reducing overall risk to KU.  Additionally, it facilitates collaboration and the exchange of information in a safe, efficient, and legal manner. Lastly,  security planning assists employees and students in identifying risks and developing appropriate controls and countermeasures to provide a safe and secure work environment at all KU campuses.

A Technology Control Plan (TCP) helps ensure that controlled materials will not be accessed by unauthorized persons. The need for a plan occurs whenever Controlled Unclassified Information (CUI), ITAR, CCL or other controlled items or data are present on campus. The most common use of a TCP is to identify controlled materials or data and describe how these items will be secured on campus. It includes plans for storage, processing, transmission of the information or items and procedures for guarding against unauthorized access by individuals or entities.

There is a cost to protecting controlled materials so please keep this in mind when preparing a budget for a grant application or contract. GRS can assist you with developing potential equipment or devices to properly store, process, and transmit information or materials. Be sure your project sponsor is aware of the need for additional security measures related to the project.  If you are awarded a contract or grant and did not budget for the necessary security costs, funds will need to be identified from other sources to cover these required expenses. 

Collaboration with both international and domestic colleagues is a critical component of information sharing in an effort to advance education, research, science and technology here at KU. The U.S. Government has continued to see a sharp increase in the theft or illegal acquisition of information and technology resident at both companies and Universities nationwide.

To support the University’s interests in collaboration, while complying with laws and regulations, the University has published the University-wide Visitor Policy to help with protecting intellectual property, research data, research facilities, network access, and physical spaces.

GRS can assist you with identifying and training research teams concerning Controlled Unclassified Information (CUI).

Controlled Unclassified Information is information that requires safeguarding or dissemination controls pursuant to and consistent with applicable law, regulations, and government-wide policies but is not classified under Executive Order 13526 or the Atomic Energy Act, as amended.

Executive Order 13556 “Controlled Unclassified Information” (the Order), establishes a program for managing CUI across the Executive branch and designates the National Archives and Records Administration (NARA) as Executive Agent to implement the Order and oversee agency actions to ensure compliance. The Archivist of the United States delegated these responsibilities to the Information Security Oversight Office (ISOO).

32 CFR Part 2002 “Controlled Unclassified Information” was issued by ISOO to establish policy for agencies on designating, safeguarding, disseminating, marking, decontrolling, and disposing of CUI, self-inspection and oversight requirements, and other facets of the Program. The rule affects Federal executive branch agencies that handle CUI and all organizations (sources) that handle, possess, use, share, or receive CUI—or which operate, use, or have access to Federal information and information systems on behalf of an agency.

The National Industrial Security Program (NISP) is a partnership between the federal government, academia, and the private industry to safeguard classified information. Executive Order 12829, as amended, “National Industrial Security Program”, further amended by Section 6 of  E.O. 13691, was established to achieve cost savings and to ensure that industry safeguards the classified information with which it is entrusted while performing work on contracts, programs, bids, or research and development efforts while working for United States Government. The Order also calls for a single, integrated, cohesive system for safeguarding classified information in industry. Consistent with the goal of achieving greater uniformity in security requirements for classified contracts, the four major tenets of the NISP are:

• achieving uniformity in security procedures;
• implementing the reciprocity principle in security procedures, particularly with regard to facility and personnel clearances;
• eliminating duplicative or unnecessary requirements, particularly agency inspection; and
• achieving reductions in security costs.

The NISP affects all executive branch agencies. The major signatories of the program are the Department of Defense, the Department of Energy, the Department of Homeland Security, the Office of the Director of National Intelligence and the Nuclear Regulatory Commission.

GRS is responsible for leading and managing the NISP at KU. GRS manages the only facility and network authorized for use at KU. Prior to submitting a proposal to conduct classified research subject to the NISP, contact GRS immediately to discuss program requirements

Additional information can be found at:

• NISP
• Defense Counterintelligence and Security Service