Federal Contract Information (FCI) Guidelines for USU PIs
What is FCI?
Federal contract information (FCI) is defined as information that is (1) provided by or generated for the US government under a contract to develop or deliver a product or service to the government and (2) not intended for public release.
FCI vs. CUI: Unlike for FCI, USU’s IT infrastructure currently does not allow researchers on campus to process, store, or transmit Controlled Unclassified Information (CUI). For more information on CUI at USU, review the CUI Guide for PIs.
How to Determine if an Award Features FCI
Review the Award for References to FCI
Special controls for working with FCI may be required if an RFP/solicitation or award documentation includes any of the following references:
- Federal contract information (FCI)
- Covered Contractor Information System
- FAR clause 52.204-21 – Basic Safeguarding of Covered Contractor Information Systems
- 48 CFR 52.204-21 – Basic Safeguarding of Covered Contractor Information Systems
The Sponsored Programs Office (SPO) will also review the RFP/solicitation and award documentation for any of the above references to FCI. PIs should include a copy of the RFP in their Kuali proposal or send a copy directly to SPO and their departmental proposal development specialist to assist them in their review for potential FCI.
If there are references to FCI in the RFP/solicitation or award documentation: The PI will coordinate with SPO to contact the sponsor and confirm that the project will feature FCI. At times, sponsors may include stock terms or references that do not apply to a specific project.
If the sponsor clarifies that the project will not involve FCI: SPO will request that the sponsor remove the irrelevant references to FCI from the contract, namely FAR clause 52.204-21.
If the federal sponsor confirms the project will feature FCI: The PI will coordinate with SPO to:
- Ask the federal sponsor to identify what information provided by or generated for the sponsor constitutes FCI; and
- Ask the federal sponsor to provide a means for working with FCI exclusively on the sponsor's systems and not on USU systems.
If the federal sponsor requires the PI to work with FCI on USU systems: PIs will follow the steps outlined in the section below, How to Participate in a Project Involving FCI.
How to Participate in a Project Involving FCI
Non-federal systems (such as USU’s) that store, process, or transmit FCI must follow the security requirements outlined in Federal Acquisition Regulation (FAR) clause 52.204-21.
USU has developed a standardized project template that allows PIs to satisfy the requirements of FAR clause 52.204-21.
After a PI has coordinated with the Sponsored Programs Office (SPO) and confirmed that a project will feature FCI, and once the award is finalized, SPO will initiate the FCI Compliance Attestation for the PI to complete in the Kuali system.
PIs will not be able to begin work on the project until they complete this attestation.
After the PI completes the FCI Compliance Attestation, and for the duration of the project, PIs are responsible for ensuring that all project personnel comply with the requirements referenced in the Attestation.
For more information about CMMC Level 1 at USU, review USU Information Technology’s CMMC webpage.