Controlled Unclassified Information (CUI)
Controlled Unclassified Information (CUI) is information that requires safeguarding or dissemination controls according to applicable laws, regulations, and government-wide policies, but is not classified.
What is Controlled Unclassified Information (CUI)?
Controlled Unclassified Information (CUI) is a category of information in the United States federal government that requires protection under laws, regulations, or government-wide policies but is not classified under Executive Order 13526 or the Atomic Energy Act, as amended.
CUI replaces the previous system of "Sensitive But Unclassified" (SBU) information, which was a designation used for decades but without a clear or consistent set of rules for how to handle such information. The CUI program standardizes the way the federal government handles non-classified information that requires protection, such as personal privacy information, proprietary business information, critical infrastructure information, and law enforcement investigation information, to name a few.
Here are key aspects of CUI:
- Categorization: CUI is categorized into various groups and subcategories to reflect the nature of the information and the need for access and dissemination controls.
- Marking: Documents or materials that contain CUI must be properly marked to alert handlers to the presence of CUI.
- Handling: There are specific requirements and guidelines for handling CUI, including storage, transmission, and destruction.
- Training: Agencies are required to train their employees on handling CUI properly.
- Compliance: Contractors and other non-federal entities who handle CUI must comply with federal standards for protecting CUI, often outlined in the National Institute of Standards and Technology (NIST) publications, such as NIST SP 800-171.
The CUI program is managed by the National Archives and Records Administration (NARA), and it affects a wide range of stakeholders across the federal government, as well as state and local entities, private sector organizations, and academic institutions that work with the federal government.