Research is a crucial activity for the University of North Texas System Enterprise.
A key part of successful research is ensuring the protection of all data and complying
with cybersecurity and information technology requirements.
The processing, storing, and transferring of data for research must comply with University
of North Texas System Regulations and University of North Texas Policies, as well
as the UNT System Information Security Program. Additional cybersecurity and technology
requirements from the funding organization may be required as well.
Cybersecurity and IT Compliance assessments are required for research technology environments
when a research contract or agreement contains specific technology or cybersecurity
requirements.
Training is available to all UNT System Enterprise faculty and staff on the research
security review process:
Do you need to procure software for your research project?
Campus Research Websites:
Frequently Asked Questions
The UNT System IT Procurement regulation and the UNT System Information Security Program
require that all software acquisitions be reviewed to ensure compliance with federal
and State of Texas laws and UNT System regulations, policies, and standards. To initiate
the technology risk assessment of your software , please submit a Technology Acquisition Questionnaire.
Should your research project contract include technology requirements from the sponsoring
organization, Cybersecurity and IT Compliance will review the technology environment
used for your research to ensure it meets these requirements. This review will assess
all hardware, software, networks, and data storage systems utilized.
The State of Texas established the Texas Risk and Authorization Management Program
(TX-RAMP) in Texas Government Code § 2054.0593 to ensure cloud computing services
maintain sufficient cybersecurity controls to protect state-controlled data. TX-RAMP
certification is required for all cloud computing services that store or process confidential
information. Additional information on TX-RAMP may be found on the Texas Department
of Information Resources website at: Texas Risk and Authorization Management Program (TX-RAMP) | Texas Department of Information
Resources
Controlled Unclassified Information (CUI) is Federal non-classified information the
U.S. Government creates or possesses, or that a non-Federal entity receives, possesses,
or creates for, or on behalf of, the U.S Government, that requires information and
information system security controls as identified in a law, regulation, or government-wide
policy. CUI is protected in accordance with security controls deemed appropriate by
the governing agency. If your research project involves CUI it may be subject to a
Cybersecurity and IT Compliance assessment.
CMMC stands for Cybersecurity Maturity Model Certification, a program created by the
Department of Defense (DoD) to ensure cybersecurity controls and processes adequately
protect Federal Contract Information and Controlled Unclassified Information.
DoD or other federal sponsored research contracts may include a direct or flow-down
Defense Federal Acquisition Regulations (DFARs) clause that brings CMMC into scope.