Controlled Unclassified Information (CUI) is a type of unclassified information used by the federal government of the United States. CUI takes the place of the designations "For Official Use Only," "Sensitive But Unclassified," and "Law Enforcement Sensitive" (LES).
In general, CI is any information that could cause harm to national security if released into the public domain. This includes military plans and operations, intelligence activities, foreign relations, and sensitive law enforcement investigations or prosecutions.
Unclassified information is information that is not classified "Secret" or higher. It can be released to the public without jeopardizing national security. National Security Act of 1947, as amended; 50 U.S.C. § 3024.
"Secret" information is information that should be kept confidential to protect national security. This includes military plans and operations, intelligence activities, and certain other matters with an impact on national security. National Security Council Directive on Classification of Information by Function (NSC-5/4).
The federal government's controlled unclassified information (CI) program is designed to prevent the disclosure of sensitive information about individuals or organizations involved in counterintelligence activities, such as espionage or sabotage. Counterintelligence measures include security reviews of employees' personal files, background checks, and monitoring of communications patterns. Employees may also be denied access to certain facilities or areas based on concerns about their potential threat to national security.
Controlled and Unclassified Data Controlled Unclassified Information (CUI) is information that must be safeguarded or disseminated in accordance with relevant legislation, regulations, and government-wide policy but is not classified by Executive Order 13526 or the Atomic Energy Act, as amended. This includes information about U.S. persons obtained from foreign sources during the course of FBI investigations.
The CUI process begins when the FBI receives a request for information from another agency or from the public. The FBI then determines if the information meets any criteria for classification. If not, then it is provided to investigators for use in their cases. If the information does meet criteria for classification, then it is provided to an Intelligence Division specialist for review. If the analyst determines that the information can be released without jeopardizing national security, then it is approved for release. Otherwise, it is denied.
All case-related CUI is reviewed by at least two officials within the FBI, including one who made the original determination that the case was not eligible for classification and one who approved the case for release. Officials also have the authority to withhold information that would cause harm to an ongoing investigation or prosecution.
Case-related CUI includes names, addresses, and other contact information collected from individuals not involved in criminal activity. Such information is provided to assist FBI agents with their investigations.
Controlled Unclassified Information (CUI) is information that requires safeguarding or dissemination controls in accordance with applicable laws, regulations, and government-wide policies but is not classified as "Classified National Security Information" under Executive Order 13526 or the Atomic Energy Act, as amended. CUI includes items such as salary data, work location data, phone numbers, email addresses, and similar information that would not generally be considered sensitive but which must be protected to ensure the safety and security of Department of Defense personnel and facilities.
The Chief Information Officer (CIO) is responsible for ensuring that all CI assets are treated with respect and dignity they deserve. This includes protecting these assets from damage, loss, or unauthorized disclosure.
The CIO also ensures that CI practices are implemented across the organization to maximize benefits and minimize risks. For example, the CIO may seek input from subject matter experts on how best to protect CI resources before developing or implementing new processes or technologies.
Finally, the CIO monitors and reports on CI activities within the organization. This includes monitoring privacy and security initiatives, as well as evaluating the effectiveness of existing processes and technologies.
In addition to being the Chief Information Officer, an individual can also serve as the Chief Privacy Officer (CPO).