Controlled Unclassified Information (CUI)

Data Type Description 

Controlled Unclassified Information (CUI), as defined by Executive Order 13556 (2010), is federal non-classified information that must be safeguarded by implementing a uniform set of requirements and information security controls directed at securing sensitive government information. CUI requirements do not apply directly to non-federal entities, but can flow down when U-M research projects receive, possess or create such information for or on behalf of the U.S. government under the terms of a contract, grant, or other agreement.

Data Steward: U-M Office of Research (UMOR) Research Information Oversight Program: Research.Information.Security@umich.edu.

Examples 

  • CUI Registry Categories
  • Controlled technical information with military or space application
  • Protected critical energy infrastructure information, including nuclear reactors and materials
  • Export control information or materials
  • Geodetic and geospatial information related to imagery intelligence

Even for those examples above, there must be specific contractual provisions that CUI requirements apply to information received, possessed, or created at U-M for or on behalf of the U.S government.

Andrew File System (AFS): 
Not Permitted
BlueJeans Video Conferencing: 
Not Permitted
Canvas: 
Not Permitted
Cloud Storage Included with Software: 
Not Permitted
CTools: 
Not Permitted
Data Warehouse: 
Not Permitted
Desktop Backup (Powered by CrashPlan): 
Not Permitted
MiDesktop: 
Not Permitted
Digital Signage: 
Not Permitted
Echo360 - Lecture Capture and LectureTools: 
Not Permitted
eResearch: 
Not Permitted
Flux: 
Not Permitted
Globus: 
Not Permitted
ITS Exchange Email and Calendar: 
Not Permitted
Amazon Web Services GovCloud at U-M: 
Not Permitted
Amazon Web Services (AWS) at U-M: 
Not Permitted
Box Additional Apps (Non-Core): 
Not Permitted
Box at U-M Core Apps: 
Not Permitted
Google Non-Core Services: 
Not Permitted
Google Drive at U-M: 
Not Permitted
Google Mail and Calendar at U-M and Inbox by GMail: 
Not Permitted
Google at U-M Core Services: 
Not Permitted
MiDatabase: 
Not Permitted
MiServer: 
Not Permitted
MiShare: 
Not Permitted
MiStorage (CIFS): 
Not Permitted
MiStorage (NFS): 
Not Permitted
MiVideo: 
Not Permitted
MiWorkspace: 
Not Permitted
Personal Accounts (Dropbox, Slack, etc.): 
Not Permitted
Personally Owned Devices (phone, tablet, laptop, etc.): 
Not Permitted
Qualtrics: 
Not Permitted
ServiceNow: 
Not Permitted
Statistics and Computation Service: 
Not Permitted
MiBackup: 
Not Permitted
Turbo Research Storage (NFS): 
Not Permitted
Turbo Research Storage (NFSv4+Kerberos or CIFS): 
Not Permitted
Michigan Medicine Exchange/Outlook Email and Calendar: 
Not Permitted
Armis: 
Not Permitted
Document Imaging System: 
Not Permitted
SignNow at U-M (E-Signature): 
Not Permitted
Piazza Q&A: 
Not Permitted
Dedoose: 
Not Permitted
Gradescope: 
Not Permitted
Electronic Research Notebook at U-M: 
Not Permitted
Microsoft Azure at U-M: 
Not Permitted
Google Cloud Platform at U-M: 
Not Permitted
Perusall: 
Not Permitted
Yottabyte Research Cloud: 
Permitted