Controlled Unclassified Information (CUI) is a type of unclassified information used by the federal government of the United States. CUI takes the place of the designations "For Official Use Only," "Sensitive But Unclassified," and "Law Enforcement Sensitive" (LES).
A common misconception is that all CI is CUI - this is not true. There are four types of CI: Secret, Top Secret, Controlled Secret, and Publicly Available. Only the last two categories can be designated as CUI.
The purpose of establishing a classification level for information is to determine how free dissemination of that information should be. For example, the highest classification level, TOP SECRET, means that the information must never be revealed outside official channels or under any circumstances. Lower levels of classification allow for a more open environment where officials can share sensitive information without endangering national security.
In general, there are three ways for information to be declassified: automatically, temporarily, or permanently. Automatic declassification applies to information that is required to be published in the Federal Register under certain statutes such as the Freedom of Information Act (FOIA), state public records laws, and other requirements. This information includes annual reports filed with the Securities and Exchange Commission (SEC) by companies with stock listings on major exchanges. Temporary declassification allows agencies to remove sensitive information from classified documents to provide a clearer picture of current affairs without compromising national security.
Controlled and Unclassified Data Controlled Unclassified Information (CUI) is information that must be safeguarded or disseminated in accordance with relevant legislation, regulations, and government-wide policy but is not classified by Executive Order 13526 or the Atomic Energy Act, as amended. This includes information about U.S. persons obtained from foreign sources during the course of FBI investigations.
The CUI Policy was first published in the Federal Register on May 25, 2005. The new policy establishes clear guidelines for the use of controlled unclassified information in FBI investigations and proceedings.
These rules are necessary because the CUI statute contains no specific standards for when an FBI investigation should be terminated. Under the CUI Policy, investigations will be deemed to have ended when the matter under investigation has been substantially completed, which will vary depending on the nature of the case. For example, an investigation may be considered complete even if some matters within the scope of the inquiry remain unresolved.
As part of its oversight role, the Privacy & Civil Liberties Oversight Board (PCLOB) reviewed the CUI Policy to determine whether it complied with the CUI statute and recommended several changes to improve its clarity and effectiveness. The Board's recommendations were incorporated into an amendment to the CUI Policy that was published in the Federal Register on April 2, 2006. That amendment became effective on May 1, 2006.
Controlled Unclassified Information (CUI) is information that requires safeguarding or dissemination controls in accordance with applicable laws, regulations, and government-wide policies but is not classified as "Classified National Security Information" under Executive Order 13526 or the Atomic Energy Act, as amended. CUI includes items such as the name of an agency employee, the address of a facility, and the title of a program or project.
In general, agencies should use caution not to release CUI from their systems. Agencies must determine whether there are other ways to provide this information that do not violate privacy rules. For example, an agency could provide a link on its website that leads users to a public data set containing this information.
Agencies should take special care when releasing CUI from their systems in response to requests for information made under the Freedom of Information Act (FOIA). As discussed in more detail below, agencies may have to treat these requests differently than they would otherwise be treated if the requested material was also contained in a system of records.
An agency can declare information to be controlled unclassified information by marking it with the control number 708. Agencies must ensure that all controlled unclassified information is properly marked. Failure to do so may result in criminal penalties under federal law.
Control numbers are used by agencies to identify their own information and distinguish it from other information found in the Federal government.
Controlled Unclassified Information (CUI) is unclassified information that must be protected and disseminated in accordance with applicable law, regulation, or government-wide policy. CUI was founded on November 4, 2010 with the signature of Executive Order (E.O.) 13556. This E.O. established procedures for agencies to control access to their own CUI and required those who have access to CUI by reason of their employment or position to protect it from unauthorized disclosure.
An agency may establish its own definition of CUI. However, an example of CUI might be information that would need to be classified if it were released without authorization. Agencies should use caution not to define CUI so broadly as to make it impossible for them to meet their statutory obligations. For example, if an agency defines CUI to include all emails sent or received by any employee, then they have created a problem for themselves. The same issue could arise if an agency defines CUI to include all conversations that occur within the agency. In addition, agencies should ensure that their CUI controls do not violate any federal laws or regulations.
CUI documents are those that contain CUI. These documents can be found in the Office of Management and Budget (OMB) Circular A-12 guidelines. These documents provide guidance to agencies on how to control access to their own CUI and prevent its improper dissemination.
Controlled Unclassified Information (CUI): According to Executive Order 13556, controlled unclassified information is information held by or generated for the Federal Government that requires safeguarding or dissemination controls in accordance with and consistent with applicable law, regulations, and government-wide policies. This includes but is not limited to: records, documents, materials, information, intelligence reports, assessments, sources, methods, procedures, experiments, tests, projects, activities, communications, personnel, facilities, domains, systems, networks, websites, recordings, photographs, and other items whether physical or electronic.
Under CUI guidelines, all contracts and agreements of any kind with the Federal Government require prior approval from the agency head or his/her designee. All contract awards over $10,000 require certification of compliance with CUI guidelines from an authorized official within the contracting agency.
Contractors must comply with CUI guidelines when performing work on behalf of the Federal Government. These guidelines apply to all contractors, including subcontractors. Failure to do so may result in the withholding of information necessary for federal agencies to perform their duties.
Federal agencies are required by law to withhold certain information based on its classification status. For example, national security matters are classified at the top secret level. Thus, they cannot be disclosed without first being declassified by appropriate authorities.