Controlled Unclassified Information
Jump to navigation
Jump to search
A Controlled Unclassified Information is a sensitive government information that requires safeguarding or dissemination controls pursuant to federal law, regulation, or policy.
- AKA: CUI, Sensitive But Unclassified Information, For Official Use Only, Law Enforcement Sensitive.
- Context:
- It can typically require CUI Marking with category designations and limited dissemination controls.
- It can typically mandate CUI Safeguarding through NIST SP 800-171 compliance.
- It can often include CUI Basic and CUI Specified categories with different handling requirements.
- It can often necessitate CUI Training for authorized personnel.
- It can range from being a CUI Basic Information to being a CUI Specified Information, depending on its CUI category designation.
- It can range from being a Physical CUI to being an Electronic CUI, depending on its information medium.
- It can range from being a Internally Generated CUI to being an Externally Received CUI, depending on its information source.
- It can range from being a Active CUI to being an Archived CUI, depending on its information lifecycle stage.
- It can integrate with Federal Information Systems through CUI registry.
- It can support Government Contract Performance through controlled information sharing.
- ...
- Examples:
- CUI Categories, such as:
- CUI by Sector, such as:
- ...
- Counter-Examples:
- Classified Information, which requires security clearances and classification markings.
- Public Information, which lacks dissemination controls.
- Federal Contract Information, which may not rise to CUI threshold.
- See: Federal Contract Information, Government Information, Information Security Classification, NIST SP 800-171, Executive Order 13556, Government Information Protection, Data Safeguarding Framework, Compliance Management System, Federal Information Security Standard, Federal Acquisition Regulation Clause.