Controlled Unclassified Information (CUI) Safeguarding Guidelines

Guidelines for handling Controlled Unclassified Information (CUI), including marking requirements, categories of CUI, and safeguarding procedures. Understand the difference between CUI FOUO (For Official Use Only) and CUI program, as well as minimum marking requirements for documents containing CUI.

• Information Security
• Government Policy
• CUI Safeguarding
• Marking Requirements
• Controlled Unclassified Information

zafi_47 Follow

Uploaded on Nov 14, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

Presentation Transcript

1. Unclassified information the Government creates/possesses that a law, regulation, or Government-wide policy requires/permits any agency to handle using safeguarding or dissemination controls (i.e., DoD work products and emails) Unclassified information an entity creates/possesses for/on behalf of the Government that is protected by law, regulation, or Government-wide policy (i.e., information associated with DoD contracts) A safeguarding system for UNCLASSIFIED information Examples (includes, but not limited to): PII/Privacy Act Information Critical information (OPSEC) Source Selection Information Intelligence Information Controlled Technical Information Export Controlled Information Emergency Management Information Law Enforcement Information Legal Privilege Pre-decision Budget/Policy Information Defense Critical Infrastructure Information/DoD Critical Infrastructure Security Information What is Controlled Unclassified Information (CUI)?

2. CUI FOUO vs. CUI FOUO vs. CUI FOUO was authorized to protect UNCLASSIFIED information that may be exempt from mandatory disclosure under the Freedom of Information Act(FOIA). Markings were designated/controlled by the nine (9) FOIA exemptions. FOUO CUI Program: Developed a common marking system across Federal agencies Created categories to capture the many types of UNCLASSIFIED information requiring safeguarding Categorized according to the specific law, regulation, or government-wide policy requiring control FOUO markings no longer authorized! All legacy-marked FOUO does not necessarily qualify as CUI (i.e., not automatically a one-to-one swap) Information previously marked FOUO does not need to be re-marked; however, if that same information is put in a new document or is shared outside the department, reassessment is needed to see if it meets CUI criteria and requires re-marking

3. Minimum Marking Requirements Minimum Marking Requirements Authorized document holder responsible for determining, at time of creation, whether information falls into a CUI category, and if so, for applying CUI markings accordingly! Include acronym CUI in the header (above everything) and footer (below everything) of each page of the document (Do not add Unclassified before the CUI marking) Include a CUI Designation Indicator Block on the first page, containing (at minimum): (Name of the company determining that the information is CUI (i.e., ABC Corp) (If letterhead/another standard indicator of origination is used, this line may be omitted). Line (2): Controlled by: (The office making the determination/creating the document (a subordinate level; use best judgement for clarity given who the audience will be, etc. ) (i.e., ABC Corp Contracts, ABC Corp CFO) Line (3): CUI Category: Identify all types of CUI contained in the document (A complete list of DoD CUI Indexes/Categories can be found at https://www.dodcui.mil/Home/DoD-CUI-Registry/) Use only the DoD-approved category abbreviations/acronyms! Line (4): Distribution/Dissemination Controls: (The distribution statement or the limited dissemination control (LDC) applicable to the document) (LDCs identify the audience deemed to have an authorized lawful government purpose to use the CUI) (a complete list of LDC markings can be found at https://www.dodcui.mil/). Line (5): POC: Name and phone number or office mailbox for the originating authorized CUI holder (i.e., who should be called about the document, document originator or central POC) Line (1): Controlled by:

4. Excel Excel Spreadsheet Markings Spreadsheet Markings Include CUI in the header/footer to ensure it displays on all pages File Print Page Setup Header/Footer Tab Customer Header/Footer Include the CUI Designation Indicator Block at the top of the excel spreadsheet, not in the header, so it only appears on the first page

5. Emails Containing CUI Emails Containing CUI Emails must be encrypted if possible! Include the acronym CUI at the top and bottom of the message content (not in Subject Line of email). Include a CUI designation indicator block containing (at minimum) the Line (1) (5) information noted above on Slide 3. Emails containing both Source Selection Sensitive and CUI must contain both the Source Selection Information See FAR 2.101 & 3.104 legend (in email subject line) and CUI header/footer banners & CUI designation indicator block (as instructed above)