With more and more college applications being processed online, the need to protect data is higher than ever before. Higher education institutions must adhere to strict standards when it comes to the design of their IT systems and the use of data collected by each college or university.
The government has stepped in to help regulate the sharing of data by issuing the NIST Special Publication 800-171. This document contains valuable information that higher education institutions can use to improve data control in the future.
1. Controlled Unclassified Data
To understand how NIST Special Publication 800-171 applies to a college or university, you must first have an understanding of what the government refers to as controlled unclassified information (CUI).
CUI is defined as data that is shared by the federal government with a non-government agency or entity. If there are no other laws or regulations that govern the use of the information shared by the federal government, then the standards outlined in the NIST Special Publication 800-171 hold precedence.
2. Types of Regulated Data
CUI can take many different forms in a university or college setting. Higher education institutions often work with the federal government to secure tuition funding for students. Any information provided by the government during the financial aid application process is classified as CUI.
Research universities and colleges can also be subject to the guidelines within the NIST Special Publication 800-171 if they work with government agencies on certain research projects. The government collects a wide range of data on various topics that can be utilized in academic research.
The dispersal of this data from a government agency to a university as part of a research grant qualifies the data as CUI.
3. Contractual Obligations
To remain in compliance with government regulations, higher education institutions sharing information with the federal government will be required to fill out contracts. These contracts should outline the specific types of data that the government is categorizing as CUI so that the college or university has a clear understanding of which data should be handled with care.
Contracts ensure that higher education institutions will follow the terms of the NIST Special Publication 800-171 to provide maximum protection for all data shared by the government over time.
Handling data properly is essential to the ongoing success of any higher education institution. Be sure that your IT systems and processes are equipped to ensure compliance with the NIST Special Publication 800-171.