Introduction

The UCF Office of Research’s Cyber Risk Management Program provides oversight for the protection of federal unclassified information collected, generated, or managed on behalf of a federal agency. This information is also known as Controlled Unclassified Information, or CUI. Federal CUI is protected under federal statutes such as FISMA and HIPAA, in addition to federal agency regulations (i.e., DFARS, CJIS, IRS Pub 1075, CMS, and FAR), by implementing risk management and IT best practices published in authoritative standards maintained by the National Institute of Standards and Technology (NIST).

The Research Office of Cyber Risk Management also provides value-added services across the entire university to UCF Research Institutes and Researchers engaging in federally sponsored contracts, agreements, and grants. Additionally, for projects that deal with ITAR or EAR information, the Research Cyber Risk Management Program Office works closely with the Export Control Office to ensure proper security and risk management procedures are in place to protect ITAR and EAR information.

The mission of the Research Office of Cyber Risk Management is also to enhance and protect the Office of Research's reputation, contract, and agreement value by providing risk-based and objective assurance, advice, and insight in the following service areas:

  • Cyber Risk Management Planning and CUI Oversight;
  • Cyber Risk Standards and Engineering Methods to protect CUI;
  • Cyber Risk Assessments and Recommendations for Corrective Actions;
  • Cyber Risk Management Framework practices in support of an institution-wide and comprehensive UCF Enterprise Risk Management (ERM) program; and
  • Cyber Security Statutory and Regulatory Compliance tracking and reporting.

As a service provider within the Research community, we support the efforts of the Research IT Controlled AWS FedRAMP Environment (CAFÉ) to provision and protect research projects in a federally compliant and secure cloud-based environment. We first consider the overall needs of our federal researchers, and we are diligent in fostering open and collaborative relationships. We use modern-day risk-based management and project engagement to identify improvements and enhancements for governance, financial outcomes, and operational processes. We ensure that communication with our clients and staff supports our Office of Research mission to advance and integrate risk awareness and security requirements into research project work efforts. Overall, the office and program are here to collaborate on proactive and innovative improvements to Office of Research business processes through high-quality assurance and advisory services.

For information on the policies, standards and procedures for Knight Shield, please visit the IST-SMST Policies page.