Everything you need to know about Controlled Unclassified Information. The page is broken down into the following sections:
- Controlled Unclassified Information
- The Purpose of the CUI Program
- Applicable Laws, Regulations and Government-Wide Policies that Govern the CUI Program
- Resources and Contacts
Controlled Unclassified Information (CUI)
Controlled Unclassified Information (CUI) is information that requires safeguarding or dissemination controls pursuant to and consistent with applicable law, regulations, and government-wide policies but is not classified.
The Purpose of the CUI Program
The purpose of the CUI program is a unified effort between Executive Branch agencies to standardize these protections and practices across departments and agencies.
Applicable Laws, Regulations and Government-Wide Policies that Govern the CUI Program
Executive Order 13556 "Controlled Unclassified Information" (the Order), establishes a program for managing CUI across the Executive branch and designates the National Archives and Records Administration (NARA) as Executive Agent to implement the Order and oversee agency actions to ensure compliance. The Archivist of the United States delegated these responsibilities to the Information Security Oversight Office (ISOO).
32 CFR Part 2002 "Controlled Unclassified Information" was issued by ISOO to establish policy for agencies on designating, safeguarding, disseminating, marking, decontrolling, and disposing of CUI, self-inspection and oversight requirements, and other facets of the Program. The rule affects Federal executive branch agencies that handle CUI and all organizations (sources) that handle, possess, use, share, or receive CUI—or which operate, use, or have access to Federal information and information systems on behalf of an agency.
Pursuant to 32 C.F.R. 2002.20, all federal agencies are required to uniformly and conspicuously apply controlled unclassified information (CUI) markings to all documents and information containing CUI. Commission staff shall be responsible for properly protecting, marking and otherwise handling CUI in accordance with all applicable FTC CUI policies, procedures, and guidance.
However, “[w]hen an agency designates information as CUI but determines that marking it as CUI is excessively burdensome, an agency’s CUI Senior Agency Official may approve waivers of all or some of the CUI marking requirements while that CUI remains within agency control.” 32 CFR 2002.38.
Any questions concerning this waiver or agency CUI marking requirements should be directed to either CUI Senior Agency Official, April Tabor, at email@example.com or the CUI Program Manager, Cynthia Savage, at firstname.lastname@example.org.
Resources and Contacts
For more information on the CUI Program and its elements, please visit the CUI Registry at Controlled Unclassified Information (CUI) | National Archives From the CUI Registry you will find training videos, and additional resources to increase your understanding of these concepts.