|
Size: 453
Comment:
|
Size: 2218
Comment: More details
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 2: | Line 2: |
'''Controlled Unclassified Information''' ('''CUI''') is a category of [[UnitedStates/InformationLaw/ClassifiedInformation|unclassified]] information overseen by the [[UnitedStates/NationalArchivesAndRecordsAdministration|National Archives and Records Administration]]. |
|
| Line 11: | Line 13: |
| '''Controlled Unclassified Information''' ('''CUI''') is a category of unclassified information. It includes all of [[UnitedStates/InformationLaw/PersonallyIdentifiableInformation|PII]], [[UnitedStates/InformationLaw/ProtectedHealthInformation|PHI]], and [[UnitedStates/InformationLaw/ControlledTechnicalInformation|CTI]]. | CUI exists within the paradigm of [[UnitedStates/InformationLaw/ClassifiedInformation|classification]] for government-generated information. It specifically refers to information that is not eligible for classification. Access is contingent on a lawful government purpose; a need-to-know is generally not required, although laws can carve out specific requirements. If someone who does not meet those criteria accesses the information, there is an '''unauthorized disclosure''' ('''UD'''). CUI generally includes all of [[UnitedStates/InformationLaw/PersonallyIdentifiableInformation|PII]], [[UnitedStates/InformationLaw/ProtectedHealthInformation|PHI]], and [[UnitedStates/InformationLaw/ControlledTechnicalInformation|CTI]]. Certain agencies or departments have specific guidance for unclassified information; examples include limited distribution or additional protections. This is the distinction between '''CUI Basic''' and '''CUI Specified'''. ---- == History == Several [[UnitedStates/Departments|departments]], especially the [[UnitedStates/DepartmentOfDefense|U.S. Department of Defense]], have complex histories of labels for controlling unclassified information. * For Official Use Only (FOUO) * Sensitive But Unclassified (SBU) * Law Enforcement Sensitive (LES) * and so on The creation of the CUI designation, and the assignment of oversight to the '''Information Security Oversight Office''' ('''ISOO''') under [[UnitedStates/NationalArchivesAndRecordsAdministration|NARA]], is intended to streamline bureaucratic red tape and to address the abuse of controls to circumvent [[UnitedStates/InformationLaw/FreedomOfInformationAct|FOIA]] requests. The new DoD policy is implemented in '''DOD Instruction (DODI) 5200.48 Constrolled Unclassified Information (CUI)'''. |
Controlled Unclassified Information
Controlled Unclassified Information (CUI) is a category of unclassified information overseen by the National Archives and Records Administration.
Definition
CUI exists within the paradigm of classification for government-generated information. It specifically refers to information that is not eligible for classification. Access is contingent on a lawful government purpose; a need-to-know is generally not required, although laws can carve out specific requirements.
If someone who does not meet those criteria accesses the information, there is an unauthorized disclosure (UD).
CUI generally includes all of PII, PHI, and CTI.
Certain agencies or departments have specific guidance for unclassified information; examples include limited distribution or additional protections. This is the distinction between CUI Basic and CUI Specified.
History
Several departments, especially the U.S. Department of Defense, have complex histories of labels for controlling unclassified information.
- For Official Use Only (FOUO)
- Sensitive But Unclassified (SBU)
- Law Enforcement Sensitive (LES)
- and so on
The creation of the CUI designation, and the assignment of oversight to the Information Security Oversight Office (ISOO) under NARA, is intended to streamline bureaucratic red tape and to address the abuse of controls to circumvent FOIA requests.
The new DoD policy is implemented in DOD Instruction (DODI) 5200.48 Constrolled Unclassified Information (CUI).