The joint comments submitted by major higher education associations—including the American Council on Education (ACE), Association of American Universities (AAU), Association of Public and Land-grant Universities (APLU), COGR, and EDUCAUSE—critique and provide recommendations on the Federal Acquisition Regulation (FAR) Case 2017-016, which introduces regulations governing Controlled Unclassified Information (CUI) in federal contracting. The associations represent a wide cross-section of U.S. research universities and higher education organizations that regularly engage in federally funded research and contracts. They broadly support the effort to clarify CUI management and safeguarding but highlight several concerns primarily related to the impact of the proposed rule on research activities and institutional operations.
Key recommendations focus on aligning definitions of CUI and Covered Federal Information (CFI) with existing authoritative sources to ensure consistency and clarity, particularly regarding fundamental research exclusions. The associations caution against limiting such exclusions to only science, technology, and engineering, warning that imposing CUI safeguarding on fundamental research in other academic fields could hinder participation in federal research. They express concerns about the proposed contractor obligations regarding unmarked or mismarked CUI, the burdensome nature of associated training and eight-hour incident reporting requirements, and the financial and administrative implications for institutions, especially smaller or less-resourced ones. The commenters advocate adopting the seventy-two-hour reporting timeframe used in other regulations and recommend more targeted and reasonable training requirements. They also address specific issues such as the management of CUI in relation to patents, warning that additional review processes could undermine timely intellectual property protection. In addition, they suggest broader stakeholder discussions about updating CUI marking practices to reflect modern data transfer needs while balancing security risks. Throughout, the letter underscores the importance of practical, consistent, and field-appropriate regulation to maintain the vitality of federally funded research and innovation within higher education institutions.
