Classified or Restricted Research
Sponsors may impose restrictions on personnel, access to facilities, or information sharing. A Principal Investigator needs to receive Faculty Council on Research (FCR) approval before the University enters into a restricted research agreement.
Review:
- UW EO on Classified, Proprietary and Restricted Research
- UW APS on Information Security and Privacy Policies and Standards
Pay close attention to the Request for Proposal where it lists the classified or restricted research requirements. These requirements will have implications for setting up and managing the project, including budget impacts.
If awarded, federal regulation requires plans and metrics for restricted research with Homeland Security Presidential Directive 12 (HSPD-12), Federal Information Processing Standards (FIPS), and/or Federal Information Security Management Act (FISMA). These plans must be in place within as little as 30 days after receipt of the award.
Classified Research
When personnel need to access classified information or facilities, the research must receive additional review and approval through the Faculty Council on Research (FCR) and the University Facility Security Officer (FSO). Project personnel must obtain security clearance through the FSO.
Review more information on handling classified information at set up.
Review Federal Classified Information Categories and Requirements
Description |
Information Type |
What you may see.
|
Compliance Requirement |
|---|---|---|---|
| U.S. Government Compartmentally Classified Programs/Projects |
Classified (Compartmented) | E.O. 13526; DoD5220.22-SUP | DoD5220.22-SUP |
| National Industrial Security Program (NISP) Classified Programs/Projects |
Classified (Collateral/Genser) | E.O. 13526; DoD5220.22-M | DoD5220.22-M |
Human Subjects Research
Research that involves human subjects and is classified for reasons of national security raises special issues for IRB review and for the process of obtaining informed consent, particularly with respect to the level of disclosure and waivers of informed consent.
Consult with the Human Subjects Division (HSD) in advance before submitting your proposal, to ensure that the UW IRB will be able to meet the special requirements of classified research.
To consult, and/or to request a Letter of Support from HSD, send an email to hsdinfo@uw.edu.
Controlled Unclassified Research
Classified research is not the only reason a project may be considered restricted. Restrictions on personnel, information sharing (controlled unclassified information – CUI) or access to campus facilities for national security purposes is also restricted research.
Sponsors may have other requirements which must be in place to receive funding when CUI is involved. For example, the Department of Defense has a Cybersecurity Maturity Model Certification requirement for specific DoD contracts that handle CUI. Review more information on Preparing for DoD Contract Cybersecurity Requirements at the UW.
Review Federal Non-Classified Information Categories and Requirements
Description |
Information Type |
What you may see.
|
Compliance Requirement |
|---|---|---|---|
| Export Controlled Information | Certain unclassified government info under government’s cognizance that, if generated by private sector, would require a specific license or authorization for export under regulations. Information and technology regulated by Export Administration Regulations, 15 CFR Parts 742, 744, and 746, and the International Traffic in Arms Regulations, 22 CFR 120.21. |
USC Titles: 7, 8, 10, 15, 17, 19, 21, 22 |
HSPD-12;
FIPS; |
| Controlled Unclassified Information (CUI) |
Unclassified government info requiring safeguarding or dissemination controls pursuant to and consistent with applicable law, regulations and government-wide policies. 23 CUI Categories.The CUI registry lists more details and the 84 subcategories. |
E.O. 13556 | HSPD-12;
FIPS; |
| Family Educational Rights & Privacy Act (FERPA) Information | Any individually identifiable educational info and records held by educational institutions transmitted by or maintained in electronic media; or transmitted by or maintained in any other form or medium. | Title 20USC, Part 1232g.
34CFR, Part 99 |
HSPD-12;
FIPS; |
| Health Insurance Portability & Accountability Act (HIPAA) PHI Information |
Any individually identifiable health info transmitted by or maintained in electronic media; or transmitted by or maintained in any other form or medium. | 45CFR 160.103 | HSPD-12;
FIPS; |
Policy, Regulation, and Guidance
- GIM 01 – Review and Submission Requirements for Proposals
- Export Control Measures
- Executive Order 8: Classified, Proprietary, and Restricted Research
- APS 2.4 Information Security and Privacy Roles, Responsibilities, and Definitions
- Office of the Chief Information Security Officer: Laws
- APS 2.6 Information Security Controls and Operational Practices
- Homeland Security Presidential Decision Directive 12 (HSPD-12)
- Federal Information Protection Standard (FIPS)
- Information Assurance
- Defense Federal Acquisition Regulation Standards (DFARS) 252.204-7012
- Federal Information Security Management (and Modernization) Act (FISMA)
- Set up: Classified Research