Business Unit: Information Technology Services

For the university to maintain its portfolio of research contracts and continue to receive external research awards from the U.S. government, Northeastern must comply with the federal government’s new requirements for handling sensitive or classified information. Northeastern’s IT Services, Research Enterprise Services, and other key stakeholders and research partners are seeking level 3 of the Cybersecurity Maturity Model Certification 2.0 and putting the processes, governance, and training in place to meet these requirements. As a result of these efforts, the Kostas Research Institute’s affiliated researchers and collaborators can show that they meet the government’s existing CMMC 2.0 standards and can steward data in the appropriate way to maintain existing contracts and seek new opportunities.  


Kick-off: March 26, 2020

Status Update  

Northeastern is seeking certification for several university research environments that handle Controlled Unclassified Information (CUI) that falls under CMMC 2.0, with the Kostas Research Institute nearing readiness. The U.S. Government has recently made a decision to change the requirements, which they are still in the process of doing. Limited progress can be made until the new requirements are released, expected in mid 2022.