Subscribe to DovesTips


DovesTip 02 – What is Controlled Unclassified Information (CUI)

Has anybody seen a document marked as CUI yet?  Most people would answer no.  But never the less DFARS 7012/NIST 800-171 and the new Cybersecurity Maturity Model Certification are all about protection CUI.  It’s how the DoD but also soon all government agencies will require verified conformance with the requirement to protect sensitive government documents, plans and communications. 

Controlled Unclassified Information (CUI) is information that requires safeguarding or dissemination controls pursuant to and consistent with applicable law, regulations, and government-wide policies but is not classified under Executive Order 13526 or the Atomic Energy Act, as amended.

Executive Order 13556 “Controlled Unclassified Information” (the Order), establishes a program for managing CUI across the Executive branch and designates the National Archives and Records Administration (NARA) as Executive Agent to implement the Order and oversee agency actions to ensure compliance. The Archivist of the United States delegated these responsibilities to the Information Security Oversight Office (ISOO).

Dovestech provides assistance to companies seeking to comply with DFARS 7012 and to prepare for CMMC.  We help to identify CUI, map it’s use throughout your business and then we devise methods to secure it and to ensure a defendable CUI control plan that will support a hopefully successful audit.