Controlled Unclassified Information (CUI)

Key: Permission Levels

  • Permitted
  • Permitted with Information Assurance (IA) Consultation
  • Not Permitted

For IA consultation, please contact the ITS Service Center.

Protecting sensitive data is a shared responsibility. You are responsible for ensuring that your use of permitted services complies with laws, regulations, and policies where applicable.

Data Type Description 

Controlled Unclassified Information (CUI), as defined by Executive Order 13556 (2010), is federal non-classified information that must be safeguarded by implementing a uniform set of requirements and information security controls directed at securing sensitive government information. CUI requirements do not apply directly to non-federal entities, but can flow down when U-M research projects receive, possess or create such information for or on behalf of the U.S. government under the terms of a contract, grant, or other agreement.

Data Steward: U-M Office of Research (UMOR) Research Information Oversight Program: Research.Information.Security@umich.edu.

Examples 

  • CUI Registry Categories
  • Controlled technical information with military or space application
  • Protected critical energy infrastructure information, including nuclear reactors and materials
  • Export control information or materials
  • Geodetic and geospatial information related to imagery intelligence

Even for the examples above, there must be specific contractual provisions stating that CUI requirements apply to information received, possessed, or created at U-M for or on behalf of the U.S. government.

Andrew File System (AFS): Not Permitted
BlueJeans Video Conferencing: Not Permitted
Canvas: Not Permitted
Cloud Storage Included with Software: Not Permitted
CTools: Not Permitted
Data Warehouse: Not Permitted
Desktop Backup (Powered by CrashPlan): Not Permitted
MiDesktop: Not Permitted
Digital Signage: Not Permitted
Echo360 - Lecture Capture and LectureTools: Not Permitted
eResearch: Not Permitted
Flux: Not Permitted
Globus: Not Permitted
ITS Exchange Email and Calendar: Not Permitted
Amazon Web Services GovCloud at U-M: Not Permitted
Amazon Web Services (AWS) at U-M: Not Permitted
Box Additional Apps (Non-Core): Not Permitted
Box at U-M Core Apps: Not Permitted
Google Non-Core Services: Not Permitted
Google Drive at U-M: Not Permitted
Google Mail and Calendar at U-M: Not Permitted
Google at U-M Core Services: Not Permitted
MiDatabase: Not Permitted
MiServer: Not Permitted
MiShare: Not Permitted
MiStorage CIFS with AWS S3 Cloud Storage Integration: Not Permitted
MiStorage (NFS): Not Permitted
MiVideo: Not Permitted
MiWorkspace: Not Permitted
Personal Accounts (Dropbox, Slack, etc.): Not Permitted
Personally Owned Devices (phone, tablet, laptop, etc.): Not Permitted
Qualtrics: Not Permitted
ServiceNow: Not Permitted
Statistics and Computation Service: Not Permitted
MiBackup: Not Permitted
Turbo Research Storage (NFS): Not Permitted
Turbo Research Storage (NFSv4+Kerberos or CIFS): Not Permitted
Michigan Medicine Exchange/Outlook Email and Calendar: Not Permitted
Armis: Not Permitted
Document Imaging System: Not Permitted
SignNow at U-M (E-Signature): Not Permitted
Piazza Q&A: Not Permitted
Dedoose: Not Permitted
Gradescope: Not Permitted
Electronic Research Notebook at U-M: Not Permitted
Microsoft Azure at U-M: Not Permitted
Google Cloud Platform at U-M: Not Permitted
Perusall: Not Permitted
Yottabyte Research Cloud: Permitted
Microsoft Office 365 at U-M: Not Permitted
LastPass at Michigan Medicine: Not Permitted