What Is Cui Compliance?

What is CUI in security?

Controlled Unclassified Information (CUI) is information that requires safeguarding or dissemination controls consistent with applicable laws, regulations, and Government-wide policies, but is not classified under Executive Order 13526 “Classified National Security Information” or the Atomic Energy Act, as amended.

How do you safeguard CUI?

1. Level 1 suggests performing basic cyber hygiene practices like installing anti-virus software and regularly changing passwords to safeguard Federal Contract Information (FCI).
2. Level 2 describes an “intermediate level of cyber hygiene” that begins implementing NIST SP 800-171 requirements to secure CUI.

What are examples of CUI?

Examples of CUI would include any personally identifiable information such as legal material or health documents, technical drawings and blueprints, intellectual property, as well as many other types of data. The purpose of the rule is to make sure that all organizations are handling the information in a uniform way.

What is the CUI program?

The CUI program is intended to standardize the way the executive branch handles unclassified information that, although unclassified, is still sensitive and merits special controls to prevent unauthorized access.

What is goal of destroying CUI?

When destroying CUI, including in electronic form, agencies must do so in a manner making it unreadable, indecipherable, and irrecoverable. If the law, regulation, or government-wide policy specifies a method of destruction, agencies must use the method prescribed. You may also read,

Who can destroy CUI?

Therefore, all CUI paper MUST be destroyed using a high security shredder that produces a final particle size of 1mmx5mm or less, such as those listed on the NSA/CSS 02-01 EPL for classified paper destruction. All of SEM’s high security shredders meet this mandate. Check the answer of

What are two types of CUI?

• Controlled Technical Information (CTI)
• DoD Critical Infrastructure Security Information.
• Naval Nuclear Propulsion Information.
• Unclassified Controlled Nuclear Information – Defense (UCNI)

How do I know what is CUI?

Some types of information are simple to identify as CUI. “Export control” includes any information that is subject to export control, such as International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR)—this would be CUI. Read:

What does CUI mean?

Examples of CUI would include any personally identifiable information such as legal material or health documents, technical drawings and blueprints, intellectual property, as well as many other types of data. The purpose of the rule is to make sure that all organizations are handling the information in a uniform way.

What is a CUI category?

Established by Executive Order 13556, the Controlled Unclassified Information (CUI) program standardizes the way the Executive branch handles unclassified information that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Government-wide policies.

Who protects CUI?

As of the writing of this page, the Department of Defense (DoD) has been the first agency to adopt controls regarding the safeguarding of CUI, which they have enacted through specific regulations that specify how certain federal and nonfederal organizations must control CUI in their environment.

Does CUI replace SBU?

SBU, which stands for Sensitive But Unclassified information, is in the process of being replaced by a newly mandated Government-wide initiative, which will result in SBU being renamed to Controlled Unclassified Information (CUI).

Does CUI need to be encrypted?

Answer: Yes. CUI must be encrypted in transit.

What level of system is required for CUI?

The Federal Information Systems Modernization Act (FISMA) requires that CUI Basic be protected at the FISMA Moderate level and can be marked as either CUI or Controlled.