1. Home
  2. Divisions
  3. Cybersecurity and IT Compliance
  4. IT Compliance
  5. Research Data Protection
  6. FAQs

Frequently Asked Questions

The UNT System IT Procurement regulation and the UNT System Information Security Program require that all software acquisitions be reviewed to ensure compliance with federal and State of Texas laws and UNT System regulations, policies, and standards. To initiate the technology risk assessment of your software , please submit a Technology Acquisition Questionnaire.

Should your research project contract include technology requirements from the sponsoring organization, Cybersecurity and IT Compliance will review the technology environment used for your research to ensure it meets these requirements. This review will assess all hardware, software, networks, and data storage systems utilized.

The State of Texas established the Texas Risk and Authorization Management Program (TX-RAMP) in Texas Government Code § 2054.0593 to ensure cloud computing services maintain sufficient cybersecurity controls to protect state-controlled data. TX-RAMP certification is required for all cloud computing services that store or process confidential information. Additional information on TX-RAMP may be found on the Texas Department of Information Resources website at: Texas Risk and Authorization Management Program (TX-RAMP) | Texas Department of Information Resources
Controlled Unclassified Information (CUI) is Federal non-classified information the U.S. Government creates or possesses, or that a non-Federal entity receives, possesses, or creates for, or on behalf of, the U.S Government, that requires information and information system security controls as identified in a law, regulation, or government-wide policy. CUI is protected in accordance with security controls deemed appropriate by the governing agency. If your research project involves CUI it may be subject to a Cybersecurity and IT Compliance assessment.
CMMC stands for Cybersecurity Maturity Model Certification, a program created by the Department of Defense (DoD) to ensure cybersecurity controls and processes adequately protect Federal Contract Information and Controlled Unclassified Information.
DoD or other federal sponsored research contracts may include a direct or flow-down Defense Federal Acquisition Regulations (DFARs) clause that brings CMMC into scope.