Actions

Controlled Unclassified Information (CUI)

Revision as of 20:33, 17 February 2021 by User (talk | contribs) (Created page with "'''Controlled Unclassified Information (CUI)''' is government created or owned information that requires safeguarding or dissemination controls consistent with applicable laws...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Controlled Unclassified Information (CUI) is government created or owned information that requires safeguarding or dissemination controls consistent with applicable laws, regulations and government wide policies. CUI is not classified information. It is not corporate intellectual property unless created for or included in requirements related to a government contract. Because there are fewer controls over CUI as compared to classified information, CUI is the path of least resistance for adversaries. Loss of aggregated CUI is the one of the most significant risks to national security, directly affecting lethality of our warfighters.[1]

Federal agencies routinely generate, use, store, and share information that, while not meeting the threshold for classification as national security or atomic energy information, requires some level of protection from unauthorized access and release. Protection may be required for privacy, law enforcement, or other reasons pursuant to and consistent with law, regulation, and/or Government-wide policy. Historically, each agency developed its own practices for sensitive unclassified information, resulting in a patchwork of systems across the Executive branch in which similar information might be defined and labeled differently, or where dissimilar information might share a definition and/or label, depending on the agency which originally created the information.

The Controlled Unclassified Information (CUI) program represents an unprecedented initiative to standardize practices across more than 100 separate departments and agencies; State, local, Tribal and, private sector entities; academia; and industry, to enable timely and consistent information sharing, and to increase transparency throughout the Federal government and with non-Federal stakeholders. Sharing CUI is authorized for any lawful government purpose, defined as any activity, mission, function, operation, or endeavor that the U.S. Government authorizes or recognizes within the scope of its legal authorities or the legal authorities of non-executive branch entities (such as state and local law enforcement).[2]


Purpose of the CUI Program[3]
Federal agencies routinely generate, use, store, and share information that, while not classified, still requires some level of protection from unauthorized access and release. Protection may be required for privacy, law enforcement, contractual protections, or other reasons.

Historically, each agency developed its own practices for sensitive information, resulting in a patchwork of processes across federal agencies. Similar information might be labeled differently, or different types of information might have the same markings with different meanings depending on each organization’s usage. The CUI Program is a unified effort between Executive Branch agencies to standardize these protections and practices across departments and agencies.


History of CUI[4]
A Presidential memorandum of May 9, 2008, signed by President George W. Bush, assigned responsibility to the National Archives (NARA) for overseeing and managing the implementation of the CUI framework. This memorandum was rescinded by Executive Order 13556 of November 4, 2010, and the guidelines previously outlined within it were expanded upon to improve uniformity across all Federal agencies and to develop a standard policy regarding the controlled unclassification process itself.

In a similar previous effort, the U.S. House of Representatives passed the Reducing Information Control Designations Act, (H.R. 1323), on March 17, 2009. The bill was referred to the Committee on Homeland Security and Governmental Affairs of the 111th Congress in the US Senate, but it was never passed by the Senate.

The doctrine, policy, and processes for Controlled Unclassified Information came out of a study and policy change proposal which originated within the Information Sharing and Collaboration Office of the Information Analysis and Infrastructure Protection Under Secretariat of the Department of Homeland Security in 2004. The term Controlled Unclassified Information (CUI) was coined by the authors of the study which reviewed over 140 various forms of unclassified information in use throughout the federal government at the time. Authors of the study recommended a new doctrine and policy framework and recommended that ISOO, within the NARA, be charged with implementing and overseeing the new doctrine and policy. At the time of delivery of the policy framework, NARA voiced objections to undertaking the effort due to a lack of resources. The policy recommendation continued to be worked within DHS and the rest of government as part of the Program Manager for the Information Sharing Environment, which moved from DHS to the ODNI. While the executive order, rescission of the order, and subsequent policy structure worked their way through the government, the timeline for the study/ analysis, creation of a draft policy and framework, the political processes, and the resulting policy implementation lasted from 2005 through 2017. The study was led by Grace Mastalli and Richard Russell.

The US Department of Defense has been handling "Controlled Unclassified Information" before the Presidential 2008 memorandum was published and NARA became the Executive Agent in 2010. The DoD term embraced a similar type of data category. However, the DoD and NARA differed then and now (2019) on specific categories of data defined as "CUI". DoDM 5200.01 Vol 4 defines DoD CUI policy until it is revised to align with NARA's definition. The Secretary of the Navy published SECNAV 5510.34 in November 1993 entitled Disclosure of Classified Military Information and Controlled Unclassified Information.

As of December, 2020, the Director of National Intelligence at the time, John Ratcliffe, issued a memorandum to the Assistant to the President for National Security Affairs asking the President of the United States (President Trump) to rescind EO 13556. In the memo, Director Ratcliffe referred to the policies as "exponentially more complex", and "vastly overcomplicated". He continued to express concerns from the Intelligence Community about significant cost, unclear guidance, and requested recision and a process for presidential action. DNI Ratcliffe stated that the following recision, support would be given to an Executive-branch review and replacement of the current FOUO and related markings to protect unclassified information. No extension of the previous December 31, 2020 timeline has been proposed, which has now passed, and it is currently unclear what action, if any, will be taken on this request.

  1. Definition - What is Controlled Unclassified Information (CUI)?DCSA
  2. Explaining CUI National Archives
  3. Purpose of the CUI Program GSA
  4. History of CUI Wikipedia
Retrieved from "https://cio-wiki.org//index.php?title=Controlled_Unclassified_Information_(CUI)&oldid=8030"