Controlled Unclassified Information (CUI) Policy

Effective: November 1, 2025 

Approved by: Justin Schwartz, Chancellor

Policy Owner: Office of Compliance, Ethics and Policy (OCEP)

Policy Contact: Information Security Officer

Supersedes: N/A

Applies to: Faculty, staff, students, CU Boulder affiliates

I. Introduction

On November 4, 2010, Federal Executive Order 13556 Controlled Unclassified Information (the Order) established a comprehensive Controlled Unclassified Information (CUI) Program for the Executive Branch of the government (Government) and all agencies. The Order designated the National Archives and Records Administration (NARA) to serve as the Executive Agent to implement and oversee federal agency actions to ensure compliance with the Order. The Order was further codified by 32 CFR Part 2002 Controlled Unclassified Information as published in the Federal Register on September 12, 2016, which established the National Archives and Records Administration (NARA) as the governing federal agency overseeing CUI.

The following policy is established to maximize the University of Colorado Boulder’s (CU Boulder) ability to abide by its legal commitments and comply with the rules and regulations of the Government CUI Program. All CU Boulder employees, students, and affiliates who are authorized to use University IT resources and to receive, access, process, store, generate, or transmit information as part of their CU responsibilities and designated as CUI by NARA or Federal Agencies are subject to this policy.

II. Definitions

Controlled Unclassified Information: means any information the Government creates or possesses, or that an entity creates or possesses for or on behalf of the Government, that a law, regulation, or Government-wide policy requires or allows an agency to handle using safeguarding or dissemination controls. It is information that requires safeguarding or dissemination controls pursuant to and consistent with applicable law, regulations, and Federal Government-wide policies but is not classified under Executive Order 13526 or the Atomic Energy Act, as amended.

CU Person: This includes all individuals who are authorized to use University IT resources and may hold roles such as:

  1. CU Boulder faculty, researcher, staff, and student.
  2. IT Service Provider
  3. Person of Interest (POI): an individual affiliated with the university but not paid as an employee for official university needs.
  4. Sponsored Affiliate: an individual affiliated with the university for official university needs when an HR appointment, including POI, is not a possibility.
  5. An individual who may be authenticated by external means and authorized by a CU IT service provider to access CU-managed IT services or data (e.g., an external research collaborator or contractor authenticated via federated techniques).

IT Resource: Computers, networking equipment, storage media, software, and other electronic devices that store, process, or transmit University information. In the context of IT security policy, this includes all IT resources that are owned, leased, licensed, or authorized for use by the University.

III. Policy Statement

  1. CU Boulder will establish and maintain a CUI program to address legal and contractual requirements for handling information as prescribed by NARA and federal agencies.
  2. CU Persons who handle CUI are responsible for safeguarding CUI in accordance with this policy and the standards, guidelines, and best practices established by the university’s CUI program. CU Persons may have additional responsibilities based on their use of CUI as specified in the CUI Standard.
  3. CU Boulder’s CUI program will facilitate CU Persons fulfilling safeguarding responsibilities by providing resources, including training and coordinated campus website(s), devoted to providing information regarding the CU Boulder CUI program. The training and resources shall include specific information for identifying CUI, appropriately marking CUI, requirements for controlling and protecting CUI information, and handling and reporting of incidents related to CUI as required by applicable Federal laws, rules, regulations, and contractual requirements.
  4. CU Persons who handle CUI must complete all applicable training as defined in the CUI Standard or specified by their role.
  5. CU Boulder’s secure enclave(s) must operate under the unified governance structure leveraging campus-wide interdependencies to ensure coordination and oversight.
  6. The Senior Vice Chancellor for Research (SVCR), the Vice Chancellor for IT (VC for IT), and Information Security Officer (ISO), in coordination with the Office of Compliance, Ethics and Policy (OCEP) are responsible for:
    1. having the ultimate authority and oversight of CUI on campus;
    2. establishing and maintaining CU Boulder’s CUI program;
    3. establishing CU Boulder’s CUI Compliance Steering Committee with representative campus stakeholders to participate thereon;
    4. reporting CUI-related incidents, in consultation with University Counsel, in accordance with Federal Requirements;
    5. reviewing and reporting on program effectiveness to the University Executive Leadership Team (UELT);
    6. executing any other related responsibilities as assigned by the Chancellor or their designee(s).
  7. CU Boulder’s CUI program includes a CUI Compliance Steering Committee. Members of the Committees shall include a cross-representation of campus stakeholders. The duties of the steering committee include but are not limited to the following, as established in the committee’s charter:
    1. creating, revising, and publishing campus CUI standards, best practices, and resources supporting the campus CUI program;
    2. developing and maintaining CUI training content, including the frequency of trainings;
    3. proactively communicating with appropriate campus stakeholders regarding the shared responsibilities of interacting with CUI in accordance with standards, best practices, training, and resource information;
    4. periodically reviewing and approving updates to this Policy and the campus CUI standard.

IV. Procedures

Any CU Person who handles CUI in violation of Federal law, Contractual requirements, or University or Campus policy is subject to loss of privileges, disciplinary action, personal liability, and/or criminal prosecution. Further, CU Boulder may temporarily block or remove CU Boulder IT resource access when CUI is mishandled or used for inappropriate or illegal use.

If there is a need outside of the campus CUI IT solution, a department or unit may support an additional enclave if it meets the minimum requirements as set out in the CUI standards, is vetted through the Office of IT Security, and is approved by the CUI Steering Committee.

The SVCR, along with the VC for IT shall, as determined by the circumstances of a potential policy violation, work with the appropriate University offices such as University Counsel, the Office of Student Conduct (in cases involving students), the CU Boulder Police Department, Infrastructure and Resilience, Office of Contracts and Grants, the Office of Research Integrity, deans and directors, supervisors and others to enforce the CUI Policy.

Exceptions to the CUI Policy will be considered on a case-by-case basis by contacting the Office of Compliance, Ethics and Policy at: compliance@colorado.edu. Exception requests will be reviewed by the CUI Program Manager, and Office of IT Security and may be forwarded to the SVC for Research and VC for IT for final decision.

V. Related policies, forms, guidelines and other resources 

  1. Acceptable Use of CU Boulder's IT Resources Policy
  2. CUI security requirements; refer to relevant project contract to determine whether revision 2 or 3 is applicable:
  3. DFARS Clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting

VI. History

  1. Adopted: January 1, 2025
  2. Revised: November 10, 2025
  3. Last Reviewed: November 10, 2025