Controlled Research Technology Planning

When developing research proposals that will receive, generate, process, or transmit Controlled Unclassified Information (CUI)/Covered Defense Information (CDI), International Traffic in Arms Regulations (ITAR) / Export-Controlled Data, or National Institutes of Health (NIH) Genomic Data, it is essential to carefully plan for the technology infrastructure that will support the scope, security, and sustainability of the work. CUI and NIH Genomic Data must apply NIST 800-171 cybersecurity controls, while ITAR / Export-Controlled data must follow unique cybersecurity, physical security, and research protocols that are more complex than conducting general federal research.

CUI is most commonly associated with research funded by the Department of War (DoW) or a prime contractor working on behalf of the DoW. Thoughtful research technology planning during the proposal stage ensures that costs are accurately captured, compliance requirements are anticipated, and the project has a strong foundation for successful execution that will result in success for both you and the funder.

Unlike general academic research, CUI-covered projects often involve additional layers of complexity, such as stringent cybersecurity controls that must follow CMMC 2.0 / NIST 800-171 standards, integration of specialized computing equipment, unique data protection solutions, and more. Examples include hardware, software, portable media, segmented network connectivity, specialized research equipment or facilities, secure laboratory spaces, and beyond.

The NIH Genomic Data Sharing (GDS) Policy (NOT-OD-14-159) provides expectations for the sharing and use of controlled genomic data, including the requirement to operate within a NIST 800-171 cyber-secured environment. The NIH Security Best Practices for Users of Controlled-Access Data govern data security and require institutional approval by the Baylor University Research Integrity Officer.

Research involving International Traffic in Arms Regulations (ITAR) or other export-controlled data requires additional safeguards to ensure that controlled technical information and technologies are not accessed by unauthorized individuals or transferred outside the United States. Unlike many federally funded projects that operate under the Fundamental Research Exclusion, ITAR-controlled research may restrict participation, data access, publication, and collaboration. These projects often require a Technology Control Plan (TCP), controlled laboratory or workspace environments, and strict access management to ensure that only authorized U.S. persons can view or handle the controlled information. In many cases, ITAR projects also require secure computing systems, controlled data storage, and approved methods for transmitting or analyzing data. Because these requirements can affect proposal design, personnel planning, laboratory space, and computing infrastructure, researchers are strongly encouraged to engage Baylor’s Research Integrity, Global Safety & Research Security, and Research Technology teams early in the proposal development process. Early planning helps ensure that the appropriate physical, administrative, and technical controls are in place so that the project can proceed smoothly and in full compliance with federal export control regulations.

Baylor University is committed to supporting researchers working with regulated data throughout the research lifecycle. Whether your project involves Controlled Unclassified Information (CUI), ITAR / Export-Controlled technologies, or NIH Controlled Genomic Data, early planning for computing infrastructure, data protection, and compliance requirements is essential for project success. Thoughtful preparation during the proposal stage helps ensure that the appropriate cybersecurity controls, laboratory environments, data management practices, and technology resources are incorporated into the project design and budget.

To assist investigators, Baylor provides guidance, planning resources, and access to research technology experts who can help evaluate project needs and recommend compliant technical solutions. Researchers are encouraged to consult the available planning guides via the link below and engage Baylor’s research support teams early to ensure their projects are positioned for both compliance and successful execution. Contact research_technology@baylor.edu for additional assistance in planning for computing and cybersecurity controls based on your specific project requirements.

CLICK HERE TO REVIEW OUR CONTROLLED RESEARCH TECHNOLOGY RESOURCES