What documents are Cui?

Table of Contents

Controlled Unclassified Information (CUI) is unclassified information requiring safeguarding and dissemination controls, consistent with applicable law, regulation, or government-wide policy. The signing of Executive Order (E.O.) 13556 on November 04, 2010 established CUI. You can access this E.O.

Are drawings considered Cui?

DoD-related Controlled Unclassified Information (CUI) includes information types, such as Controlled Technical Information, as well as financial and contract information. Some of the many types of information that are considered CUI include: research and engineering data. engineering drawings & lists.

Who decides Cui?

Whether CUI is Basic or Specified is determined by the applicable Safeguarding and/or Dissemination Authority for that CUI. Each “Safeguarding and/or Dissemination Authority” citation links to the statute, regulation or government-wide policy authorizing the control of that information as CUI.

Is CTI a CUI?

CUI is an umbrella term that encompasses all CDI and Controlled Technical Information (CTI). CTI is defined as technical information with a military or space application that is marked with a distribution statement in accordance with DoDI 5230.24 (Distribution Statements on Technical Documents).

What is the difference between Cui and Fouo?

Question: What is the difference between U//FOUO and CUI? Answer: U//FOUO is a legacy marking used to indicate sensitivity based on agency policy or practice. CUI is a marking that is used to indicate the presence of CUI basic information.

Is Cui a classification?

CUI is government created or owned information that requires safeguarding or dissemination controls consistent with applicable laws, regulations and government wide policies. CUI is not classified information.

What is basic Cui?

CUI Basic is the subset of CUI for which the authorizing law, regulation, or Government-wide policy does not set out specific handling or dissemination controls. Agencies handle CUI Basic according to the uniform set of controls set forth in this part and the CUI Registry.

Is email a CUI?

When sending an email; a banner marking must appear at the top portion of the email. In addition to the banner marking, an indicator can be included in the subject line to indicate that the email also contains CUI. “Contains CUI” can appear in the subject line to alert recipients that CUI is present in the email.

Does Cui replace unclassified?

“CUI” replaces legacy markings in the header, footer, and portion markings. While “CUI” does not need to be preceded by an unclassified marking such as “U” in “U//FOUO”, any portions or subparagraphs should be properly marked “U” or “CUI” in a mixed document.

Is Fouo considered Cui?

Controlled Unclassified Information (CUI) is a category of unclassified information within the U.S. Federal government. CUI replaces the labels For Official Use Only (FOUO), Sensitive But Unclassified (SBU), and Law Enforcement Sensitive (LES).

What is Cui at rest?

CUI at rest means information that does not move through the network and may be stored on hard drives, media, and mobile devices. Develop a scheme and implement the necessary security controls to protect the confidentiality of CUI at rest.

What network configuration is required for Cui?

What level of system and network configuration is required for CUI? It is mandatory to include a banner marking at the top of the page to alert the user that CUI is present.

Who is responsible for protecting Cui DoD?

NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, provides federal agencies with a set of recommended security requirements for protecting the confidentiality of CUI.

Can foreign nationals access Cui?

Access to CUI is usually restricted to Non-U.S. persons, unless the sponsor has agreed to grant access to a Non-U.S. person under a fully executed non-disclosure agreement (NDA).

How do you control flow of Cui?

Firewalls and proxy servers can be used to control traffic flow. Typically, organizations will have a firewall between the internal network and the internet. Often multiple firewalls are used inside a network to create zones to separate sensitive data, business units or user groups.

How can you protect the confidentiality of Cui at rest?

CUI can be stored at rest in any non-mobile devices or data center unencrypted, as long as it is protected by other approved logical or physical methods. This can be accomplished using cryptographic mechanisms and file share scanning.

Does NIST 800-171 require encryption at rest?

The NIST 800-171 requires contractors to protect the confidentiality of data at rest by employing FIPS-validated cryptography and manage the cryptographic keys that are used for the chosen cryptography employed in the information system.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.