CUI 101: Controlled Unclassified Information markings refresher

When sharing controlled unclassified information, there's a responsibility to safeguard the information and use controls aligning with laws, regulations and governmentwide policies.

What is CUI and its importance?

CUI is sensitive information that does not meet the criteria for classification but must still be protected, according to Section 2002.4 of Title 32 Code of Federal Regulations.

"CUI policy provides a uniform marking system across the federal government that replaces a variety of agency-specific markings, such as 'For Official Use Only,' 'Law Enforcement Sensitive' and 'Sensitive But Unclassified,'" said Defense Logistics Agency Headquarters Information Security Program Manager Matthew Baker. "CUI eliminates all of those protective caveats to standardize the protection process."

Employee Challenges

Baker said every employee at some point is going to work with CUI. Depending on their job, they may be working with multiple types of CUI.

It's not uncommon for DLA employees to have a challenge identifying CUI, Baker said. Some may have concerns about how to protect it or apply the proper markings.

Baker said that's why it's important to help the agency's employees understand the sensitivity of the information they are working with and how to protect it properly.

"This ensures that we as an organization are good stewards of the information to do our jobs effectively, which is to protect the interests of the warfighter by protecting their information," he added.

Employee Actions

Baker outlined a few actions employes can ensure unclassified information is safeguarded and disseminated appropriately:

• Encrypt CUI in all emails
  Example CUI markings

  Controlled Unclassified Information requires appropriate marking when on documents, as seen in this demonstration document.

  SHARE IMAGE:

  Download Image

  Image Details

  Photo By: OUSD(I&S) Information Security (INFOSEC) Office

  VIRIN: 220512-D-D0441-1002
• Ensure certificates are up to date to avoid sending CUI in emails unencrypted
• Mark CUI properly before sending information
• Become familiar with the CUI registry as it identifies CUI information and provides examples of work products which may contain CUI.
• If an employee doesn't encrypt a CUI email sent to a public audience outside the agency, contact a local DLA Intelligence Office immediately

For more information and CUI resources, employees should visit the DLA CUI website (a DLA common access card is required). The website provides a CUI registry, work products, required markings, Defense Department policies and authorities, cover sheets and examples.

Baker said employees can also contact their local DLA Intelligence Office with any specific questions or concerns.

Employees can read more about the DLA Chief of Staff's CUI awareness message (a DLA CAC is required).