Transcription
What is CUI?Information that requires protection.1
Lawful Government PurposeLawful Government purpose is any activity, mission, function, operation, orendeavor that the U.S. Government authorizes or recognizes as within the scopeof its legal authorities or the legal authorities of non-executive branch entities(such as state and local law enforcement).WHEN TO SHARE?If access promotes a common project or operation between agencies or undera contract or agreement with the designating agency, then share.WHEN NOT TO SHARE?If access harms or inhibits a common project or operation between agencies orunder a contract or agreement with the designating agency, then do not share.
The CUI Registry3
CUI Basic and CUI SpecifiedCUI Specified(Requires uniquemarkings)CUI BasicLaws, Regulations, or Government-wide policiesrequire specific protections. For example:- Unique markings- Enhanced physical safeguards- Limits on who can access the informationLaws, Regulations, or Government-wide policiesDO NOT require specific protections.4
Marking CUI: Banner MarkingThe CUI Banner Marking may include up to threeelements: The CUI Control Marking (mandatory) may consist ofeither the word “CONTROLLED” or the acronym “CUI.” CUI Category or Subcategory Markings (mandatory forCUI Specified). CUI Control Markings and CategoryMarkings are separated by two forward slashes (//).When including multiple categories or subcategories in aBanner Marking they are separated by a single forwardslash (/). Limited Dissemination Control Markings. CUI ControlMarkings and Category Markings are separated fromLimited Dissemination Controls Markings by a doubleforward slash (//).5
Marking EmailEmails that contain CUI:Must include a Banner Marking abovethe email text.This example shows howthe original recipientcarried forward the CUImarkings from an originalemail to a new email.Must include a Banner Marking abovethe email text when forwarding orresponding CUI received by email.May include Subject-Line indicators ofCUI in the email text.6
How to Send CUI in Packages and MailCUI may be shipped through: Interagency mail systems United States Postal Service Commercial Delivery Services Automated Tracking is a best practiceDO NOTPlace Markings onPackages or Envelops!7
Controlled Environments: Physical CUI must be stored or handled in controlled environments thatprevent or detect unauthorized access. Sealed envelops Areas equipped with electronic locks Locked:– Doors– Overhead bins– Drawers– File cabinets8
Controlled Environments (Electronic)Limit and control access to CUI within the workforce by establishing electronicbarriers.- Dedicated network drives, SharePoint sites, intranet sites9
Reproducing CUIWhen Reproducing or Faxing CUI, youmay use agency-approved equipment.Look for signs on approved equipment.THIS PRINTERIS APPROVEDFOR CUI10
Reporting CUI Incidents Incidents involving CUI must be immediately reported. Agencies and organizations must have means - such ashotlines, email addresses, or points of contact - for employeesto report incidents.11
What to reportCUI incidents include but are not limited to: Improper storage of CUI Actual or suspected mishandling of CUI When unauthorized individuals gain access to CUI (physical or electronic) Unauthorized release of CUI (to public facing websites or to unauthorizedindividuals) Suspicious behavior from the workforce (Insider Threats)– General disregard for security procedures– Seeking access to information outside the scope of current responsibilities– Attempting to enter or access to sensitive areas (where CUI is stored, discussed, orprocessed)Follow your agency policy and procedures regarding how to report incidents12
Destroying CUICUI must be destroyed to a degree that makes the informationunreadable, indecipherable, and irrecoverable.APPROVEDNOT APPROVEDDestroy paper using cross cut shreddersthat produce particles that are 1mm by 5mm.13
Signs for approved destruction equipment and methods Never use trash cans orrecycling bins to dispose of CUI14
Decontrol and MarkingRemove or strike all markings on decontrolledCUI: Reused Released DonatedFollow agency policy to remove or strike CUI onlyon the: first page, cover page, or first page of any attachment.15
Additional ResourcesFor more information on the CUI Program and its elements, pleasevisit the CUI Registry @ https://www.archives.gov/cui. From theCUI Registry you will find training videos, and additional resourcesto increase your understanding of these concepts.16
Automated Tracking is a best practice . 7. DO NOT . Place Markings on Packages or Envelops! . - Dedicated network drives, SharePoint sites, intranet sites. 9. . may use agency-approved equipment. Look for signs on approved equipment. 10. THIS PRINTER IS APPROVED FOR CUI. Reporting CUI Incidents Incidents involving CUI must be immediately .
