Data Security

​Export-controlled data often requires specific data security measures per federal regulation, contract, sponsor, provider, and/or institutional policies. ITAR-controlled technical data typically requires enhanced controls on access, use, storage, transmission, and disposal. In some cases, EAR-controlled data may require a similar level of security.  

Likewise, federal information security standards for Controlled Unclassified Information (CUI) apply to both export-controlled and other types of data. Examples of such requirements include compliance with 32 CFR Part 2002DFARS 252.204.7012, NIST SP 800-171, etc. 

FIU personnel who receive, use, and/or generate export-controlled data (ITAR or EAR-controlled) must carefully consider what (if any) data security requirements apply to such data. The Export Office, ORED, and FIU ITS can assist personnel with determining which data security requirements apply to export-controlled and other sensitive data, and how to adequately implement controls through a Technology Control Plan (TCP).

Note: if you are applying for a sponsored research project or are collaborating in a project that includes export-controlled data and/or CUI data security requirements, please coordinate with ORED to complete the Sensitive Data/ CUI form as soon as possible. ORED will work with ITS and the Export Office to develop a System Security Plan for your project that addresses data security requirements.

For international travel with laptops and other electronic devices, please review the Travel page for more information.