Controlled Unclassified Information (CUI) is a type of information that is not classified, but that still requires protection. CUI can include information that is sensitive, but not secret, such as personal information, financial information, or trade secrets.
CUI Basic is a set of requirements that organizations must follow to protect CUI. These requirements are designed to help organizations ensure that CUI is properly handled and protected from unauthorized access, disclosure, or modification.
Contenido
What is CUI?
CUI is defined as «information that is not classified national security information, but that is required to be protected at the same or a higher level of protection as classified national security information.»
CUI can include a wide variety of information, such as:
- Personal information, such as names, addresses, and Social Security numbers
- Financial information, such as credit card numbers and bank account numbers
- Trade secrets, such as formulas, recipes, or manufacturing processes
- Sensitive government information, such as internal communications or plans
How to Handle CUI
Organizations that handle CUI must follow a set of requirements to protect it. These requirements are designed to help organizations ensure that CUI is properly handled and protected from unauthorized access, disclosure, or modification.
The specific requirements that organizations must follow will vary depending on the type of CUI that they handle. However, some common requirements include:
- Classification: Organizations must classify CUI at the appropriate level of protection.
- Marking: Organizations must mark CUI with the appropriate classification markings.
- Access control: Organizations must control access to CUI to authorized individuals only.
- Storage: Organizations must store CUI in a secure location.
- Transmission: Organizations must transmit CUI securely.
- Destruction: Organizations must destroy CUI securely when it is no longer needed.
Types of CUI
CUI is divided into two categories:
- CUI-designated: CUI-designated information is information that has been specifically designated as CUI by the government.
- CUI-derived: CUI-derived information is information that is derived from CUI-designated information.
CUI-designated information is further divided into three levels of protection:
- CUI-unclassified: CUI-unclassified information is the lowest level of CUI. It is information that is not sensitive and does not require a high level of protection.
- CUI-limited: CUI-limited information is a higher level of CUI. It is information that is sensitive and requires a moderate level of protection.
- CUI-controlled: CUI-controlled information is the highest level of CUI. It is information that is highly sensitive and requires a high level of protection.
FAQ
What are the benefits of protecting CUI?
Protecting CUI is important to protect the privacy and security of individuals and organizations. CUI can be used for identity theft, financial fraud, and other malicious purposes. By protecting CUI, organizations can help to prevent these crimes and protect their employees, customers, and partners.
What are the consequences of not protecting CUI?
The consequences of not protecting CUI can be severe. Organizations that fail to protect CUI may be subject to civil and criminal penalties. Additionally, organizations that fail to protect CUI may damage their reputation and lose the trust of their customers and partners.
How can I learn more about CUI?
The National Archives and Records Administration (NARA) has a website with more information about CUI, including the CUI Handbook and the CUI Compliance Program Guide.
Conclusion
Controlled Unclassified Information (CUI) is a type of information that is not classified, but that still requires protection. By following the CUI Basic requirements, organizations can help to ensure that CUI is properly handled and protected from unauthorized access, disclosure, or modification.