OMG! Have You Seen the New CUI Rule?

Tuesday, May 20, 2025 | 3:00PM–3:45PM ET | Harborside Ballroom C, 4th Floor
Session Type: Breakout Session
Delivery Format: Presentation/Panel
This session will provide an opportunity for lively discussion on the new FAR (Federal Acquisition Regulation) proposed rule on safeguarding Controlled Unclassified Information (CUI). Published on January 15, 2025, it attempts to align contractor responsibilities with NIST SP 800-171 across federal contracts. It also introduces new security and subcontractor compliance requirements, training mandates, and a very short window of eight hours for CUI incident reporting.  There are also concerns about self-attestation, definition and marking of CUI, integration with Defense Federal Acquisition Rules (DFARS) including CMMC, and institutional impact. Presenters will provide a comprehensive overview of the proposed rule’s requirements, its implications for higher education institutions receiving federal contracts, and actionable steps to prepare for compliance obligations. Attendees will gain insights into how this rule affects their cybersecurity obligations and how to navigate the evolving regulatory landscape effectively. Bring your questions (and solutions!) to share with the session presenters and attendees. Remember: sharing is caring!

Presenters

  • Michael Connelly

    Assistant Compliance and SCRM Program Manager / Chief Strategist Classified Policy and Programs, The Johns Hopkins University

  • Jodi Ito

    CISO, University of Hawaii System Office

Resources & Downloads

  • Presentation slides for OMG Have you seen the new CUI proposed rule

    Updated on 5/16/2025