The United States Department of Defense (DoD) defines Controlled Unclassified Information (CUI) as "Government created or owned UNCLASSIFIED information that must be safeguarded from unauthorized disclosure." The idea of CUI was established by Executive Order 13556 on November 4, 2010. It was a product of the realization that across all levels of mission areas, DoD personnel and Federal Contractors will receive, create, handle or disburse information that, while labelled UNCLASSIFIED, provides value to the United States and may be targeted by strategic competitors and/or adversaries.
Prior to establishing CUI, individual agencies used their own unique labels to identify UNCLASSIFIED information in need of safeguarding. Such labels included:
Under EO 13556, these labels were standardized under the single Controlled Unclassified Information (CUI) label.
Law, regulation, or Government-wide policy may require or permit safeguarding or dissemination controls in three ways: Requiring or permitting agencies to control or protect the information but providing no specific controls, which makes the information CUI Basic; requiring or permitting agencies to control or protect the information and providing specific controls for doing so, which makes the information CUI Specified; or requiring or permitting agencies to control the information and specifying only some of those controls, which makes the information CUI Specified, but with CUI Basic controls where the authority does not specify.
Simply put, information designated as CUI Basic does not have to be labeled in any specific way, while CUI Specified information includes a clear process for signifying it as CUI. CUI Specified data may be required to use unique markings, increased physical safeguards and even limits on who can access the data.
Each CUI Category is designated a Safeguarding and/or Dissemination Authority; this authority determines whether or not information related to their category should be labeled as Basic or Specified.
As stated previously, CUI Specified markings are determined based on the category's Safeguarding and/or Dissemination Authority. There are 125 CUI categories organized under 20 organizational index groupings:
The CUI Registry outlines for each category:
All documents need to be labeled with their appropriate banner markings to alert those who access them of their CUI nature. CUI markings MUST appear at the top of the page and use the following format:
"CUI" or "CONTROLLED" // [CUI Category Marking, If Required] // [Limited Dissemination Controls, If Applicable]
Limited Dissemination Controls and Markings Include:
Register for our OnDemand Federal Sales Certification Training Course and gain the tactical skills you need to effectively sell to the Federal Government!