Differences between revisions 5 and 7 (spanning 2 versions)
Revision 5 as of 2025-09-03 14:03:24
Size: 1788
Comment: Access
Revision 7 as of 2025-10-02 17:03:21
Size: 2218
Comment: More details
Deletions are marked like this. Additions are marked like this.
Line 19: Line 19:
Certain agencies or departments have specific guidance for unclassified information; examples include limited distribution or additional protections. This is the distinction between '''CUI Basic''' and '''CUI Specified'''.
Line 25: Line 27:
The creation of CUI, and the assignment of oversight to [[UnitedStates/NationalArchivesAndRecordsAdministration|NARA]], was implemented to replace an information regime that was complex and seen as being weaponized to circumvent [[UnitedStates/InformationLaw/FreedomOfInformationAct|FOIA]] requests.

Several [[UnitedStates/Departments|departments]], especially the [[UnitedStates/DepartmentOfDefense|U.S. Department of Defense]], has implemented labels for controlling unclassified information.
Several [[UnitedStates/Departments|departments]], especially the [[UnitedStates/DepartmentOfDefense|U.S. Department of Defense]], have complex histories of labels for controlling unclassified information.
Line 34: Line 34:
The creation of the CUI designation, and the assignment of oversight to the '''Information Security Oversight Office''' ('''ISOO''') under [[UnitedStates/NationalArchivesAndRecordsAdministration|NARA]], is intended to streamline bureaucratic red tape and to address the abuse of controls to circumvent [[UnitedStates/InformationLaw/FreedomOfInformationAct|FOIA]] requests.

The new DoD policy is implemented in '''DOD Instruction (DODI) 5200.48 Constrolled Unclassified Information (CUI)'''.

Controlled Unclassified Information

Controlled Unclassified Information (CUI) is a category of unclassified information overseen by the National Archives and Records Administration.


Definition

CUI exists within the paradigm of classification for government-generated information. It specifically refers to information that is not eligible for classification. Access is contingent on a lawful government purpose; a need-to-know is generally not required, although laws can carve out specific requirements.

If someone who does not meet those criteria accesses the information, there is an unauthorized disclosure (UD).

CUI generally includes all of PII, PHI, and CTI.

Certain agencies or departments have specific guidance for unclassified information; examples include limited distribution or additional protections. This is the distinction between CUI Basic and CUI Specified.


History

Several departments, especially the U.S. Department of Defense, have complex histories of labels for controlling unclassified information.

  • For Official Use Only (FOUO)
  • Sensitive But Unclassified (SBU)
  • Law Enforcement Sensitive (LES)
  • and so on

The creation of the CUI designation, and the assignment of oversight to the Information Security Oversight Office (ISOO) under NARA, is intended to streamline bureaucratic red tape and to address the abuse of controls to circumvent FOIA requests.

The new DoD policy is implemented in DOD Instruction (DODI) 5200.48 Constrolled Unclassified Information (CUI).


CategoryRicottone

UnitedStates/InformationLaw/ControlledUnclassifiedInformation (last edited 2025-10-02 17:03:56 by DominicRicottone)