Skip to main content

System Status: 

CMMC and CUI at UC San Diego

By 2025, recipients of DoD contracts will be required to comply with the Cybersecurity Model Maturity Certification provisions.

Controlled Unclassified Information (CUI) is information required to comply with a federally established cybersecurity practices. While most contracts or grants that designate research data and artifacts as CUI come from the Department of Defense, many other state and federal agencies also include these requirements in the agreements.

The Department of Defense (DoD) has begun implementation of a new broader set of security requirements known as the Cybersecurity Maturity Model Certification or CMMC program. For researchers who receive contracts from the DoD, the CMMC program will generally replace CUI. It should be noted that CMMC is a tiered system of security requirements that will apply even to data not traditionally considered sensitive.

At UC San Diego we have embarked on an aggressive program to provide cybersecurity support to researchers, including those requiring the the expanded obligations of level 3 of the CMMC system. CMMC and CUI services are fee based, while a self-certification program with software tools and support is free to all UC San Diego faculty and researchers.

Resources and More Information

Why CMMC Matters

Understand the implications of CMMC and what UC San Diego is doing to comply.

Learn More

Faculty Toolkit

Starting point for UC San Diego faculty to understand what they need to do.

Learn More

University Programs

Through our Center of Excellence, apply and implement our infrastructure at your location.

Learn More