Sep 29, 2020

Information Management and Security Incorporation


Controlled Unclassified Information (CUI) is a term that has begun to gain wider traction in the federal sphere as agencies face more scrutiny over privacy concerns and the handling of sensitive information. CUI serves as a label to simplify the ways that information is safeguarded and shared both within and amongst Executive Agencies and their customers. CUI provides universality by allowing for a standardized system of protection used by all Executive Agencies that will minimize any potential gaps in practice that may vary from agency to agency. In today’s world, agencies managing CUI must also manage risk from telework due to COVID.

            Before the CUI program, sensitive information that was not deemed Classified would carry any number of possible identifiers. Markings such Sensitive But Unclassified (SBU), Personally Identifiable Information (PII), For Official Use Only (FOUO), and Law Enforcement Sensitive (LES), would be applied to documents and information to identify them as sensitive and limit who could have access to them. The problem with these markings is that in many cases the determination of the sensitivity of the information is subjective and possibly confusing. The CUI program aims to provide an umbrella marking and terminology to encompass all the previous sensitivity markings into one universally understood tool. 

            Beginning with the signing of Executive Order 13556 in November of 2010, the Executive Branch of the US Government has been faced with the incorporation of the Controlled Unclassified Information (CUI) program within all its’ Agencies. The CUI program is designed to simplify the way in which the federal government handles and stores sensitive information which does not qualify as Classified. Along with the development of the CUI program and the CUI marking, came the CUI Registry, which serves to identify the categories of information that would need to be marked as CUI. The CUI Registry is developed and maintained by the National Archives and Records Administration (NARA) and put together through a collection of laws, regulations, and Government-wide policies which provide the justification for identifying the contained information categories as sensitive and thus CUI. Every Agency within the Executive Branch is expected to implement the use of CUI to replace any previously used markings and to have in place their own internal program to assist in the transition to CUI. 

During this time of widespread telework due to COVID-19, the implementation of CUI has not been hindered nor neglected. In fact, respective Executive Agency CUI programs have needed to adapt to this climate and work to ensure that staff whom continue to require access to CUI, are able to do so in order to fulfill their role while still maintaining all of the proper safeguards. This has caused the implementation of CUI to require a stricter threshold on how individuals access sensitive information and the ease at which it is shared for official purposes. Due to the remote work environment, the availability of hardcopy sources for CUI have become unavailable to those who normally deal with it, and data systems which contain CUI have become the norm. This still comes with the added complication of potential unregulated printing, or the unintentional viewing by those sharing a household with the individual privy to CUI. To combat this, Office Heads and Supervisors have had to enforce the same standards which are practiced within the normal office setting. It is up to the individual with access to CUI to use their environment in such a way as to uphold the safeguarding standards and policies published by the National Archives and Records Administration. 

Share on Twitter
Share on Facebook