How the Office of Information Technology Supports Secure Research
The Office of Information Technology (OIT) partners with researchers to support the secure use of technology in research projects that have sponsor‑mandated cybersecurity or data protection requirements. Our role is to provide technical expertise, secure computing solutions, and implementation support once compliance needs have been identified.
Determinations about whether a research project is subject to specific regulatory or contractual requirements are made by the Office of Research and Innovation (ORI). Once ORI identifies applicable requirements, the OIT security team works with researchers to help implement the technical safeguards needed to support compliance in a way that aligns with research workflows.
These requirements often arise in federally sponsored research and may include obligations related to:
- Sponsor‑mandated data protection or cybersecurity controls
- Federally protected research data, such as Controlled Unclassified Information (CUI)
- Compliance with federal cybersecurity standards, such as NIST SP 800‑171
Common indicators that such requirements may apply include references in solicitations, awards, or contracts to:
- 32 CFR 2002 – Controlled Unclassified Information
- NIST SP 800‑171 – Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
- FAR 52.204‑21 – Basic Safeguarding of Covered Contractor Information Systems
- DFARS 252.204‑7008 – Compliance with safeguarding covered defense information controls
- DFARS 252.204‑7012 – Safeguarding covered defense information and cyber incident reporting
ORI is responsible for reviewing these terms and determining whether they apply to a given project.