Classified or Restricted Research
Sponsors may impose restrictions on personnel, access to facilities, or information sharing. A Principal Investigator needs to receive Faculty Council on Research (FCR) approval before the University enters into a restricted research agreement.
Review:
- UW EO on Classified, Proprietary and Restricted Research
- UW APS on Information Security and Privacy Policies and Standards
Pay close attention to the Request for Proposal where it lists the classified or restricted research requirements. These requirements will have implications for setting up and managing the project, including budget impacts.
If awarded, federal regulation requires plans and metrics for restricted research with Homeland Security Presidential Directive 12 (HSPD-12), Federal Information Processing Standards (FIPS), and/or Federal Information Security Management Act (FISMA). These plans must be in place within as little as 30 days after receipt of the award.
Classified Research
When personnel need to access classified information or facilities, the research must receive additional review and approval through the Faculty Council on Research (FCR) and the University Facility Security Officer (FSO). Project personnel must obtain security clearance through the FSO.
Review more information on handling classified information at set up.
Human Subjects Research
Research that involves human subjects and is classified for reasons of national security raises special issues for IRB review and for the process of obtaining informed consent, particularly with respect to the level of disclosure and waivers of informed consent.
Consult with the Human Subjects Division (HSD) in advance before submitting your proposal, to ensure that the UW IRB will be able to meet the special requirements of classified research.
To consult, and/or to request a Letter of Support from HSD, send an email to hsdinfo@uw.edu.
Controlled Unclassified Research
Classified research is not the only reason a project may be considered restricted. Restrictions on personnel, information sharing (controlled unclassified information – CUI) or access to campus facilities for national security purposes is also restricted research.
Sponsors may have other requirements which must be in place to receive funding when CUI is involved. For example, the Department of Defense has a Cybersecurity Maturity Model Certification requirement for specific DoD contracts that handle CUI. Review more information on Preparing for DoD Contract Cybersecurity Requirements at the UW.
Policy, Regulation, and Guidance
- GIM 01 – Review and Submission Requirements for Proposals
- Export Control Measures
- Executive Order 8: Classified, Proprietary, and Restricted Research
- APS 2.4 Information Security and Privacy Roles, Responsibilities, and Definitions
- Office of the Chief Information Security Officer: Laws
- APS 2.6 Information Security Controls and Operational Practices
- Homeland Security Presidential Decision Directive 12 (HSPD-12)
- Federal Information Protection Standard (FIPS)
- Information Assurance
- Defense Federal Acquisition Regulation Standards (DFARS) 252.204-7012
- Federal Information Security Management (and Modernization) Act (FISMA)
- Set up: Classified Research