Controlled Unclassified Information

From MgmtWiki
Jump to: navigation, search

Full Title

CUI (Controlled Unclassified Information) is a term for data that the US DoD and other security agencies do not want to be widely available but does need to be shared with suppliers.

Context

  • Government created or owned UNCLASSIFIED information that must be safeguarded from unauthorized disclosure.
  • An overarching term representing many difference categories, each authorized by one or more law, regulation, or Government-wide policy.
  • Information requiring specific security measures indexed under one system across the Federal Government.

Why is CUI important?

  • The establishment of CUI was a watershed moment in the Department’s information security program, formally acknowledging that certain types of UNCLASSIFIED information are extremely sensitive, valuable to the United States, sought after by strategic competitors and adversaries, and often have legal safeguarding requirements.
  • Unlike with classified national security information, DoD personnel at all levels of responsibility and across all mission areas receive, handle, create, and disseminate CUI.
  • UI policy provides a uniform marking system across the Federal Government that replaces a variety of agency-specific markings, such as FOUO, LES, SBU, etc.

Standards

  1. From its inception NIST 171
  2. CCMC capability maturity
  3. SPRS

Solutions

References