CUI Notice 2018-02: Recommendations For Controlled . - Archives


INFORMATION SECURITY OVERSIGHT OFFICE
NATIONAL ARCHIVES and RECORDS ADMINISTRATION

CUI Notice 2018-02: Recommendations for Controlled Unclassified Information (CUI) Basic Training

January 24, 2018

Purpose

This notice identifies and recommends common learning objectives and curriculum design elements for basic CUI training.

Authorities

32 CFR 2002, "Controlled Unclassified Information," September 14, 2016; and
Executive Order 13556, "Controlled Unclassified Information," November 10, 2010.

Background

The Director of the Information Security Oversight Office, exercises Executive Agent responsibilities for the CUI Program. The CUI Federal regulation at 32 CFR 2002 implements Executive Order 13556 for CUI, and establishes CUI Program requirements for designating, safeguarding, disseminating, marking, decontrolling, and disposing of CUI.

Recommendations

The attachment contains standards for common curriculum design elements (content) to support identified learning objectives. Along with the content, recommendations are made for appropriate delivery and testing related to the first three levels of the Bloom's Taxonomy [1] framework for achieving knowledge, comprehension and application competencies.

MARK A. B 7
Director

[1] Bloom's Taxonomy provides a benchmark for identifying learning objectives. Bloom's taxonomy is a classification system used to define and distinguish different levels of human cognition (i.e., thinking, learning, and understanding).

Attachment: Curriculum Design Standards [2]

Curriculum Design Standards
Learning Objective, Delivery & Test/Measures Levels
Curriculum Design Element (Topics)

CUI Purpose & Relevance:

Current Events: accounts of actual events
- Personal:
- e.g. 1: Government-wide: PII & "OPM Data Breach"
- e.g. 2:
- Agency:
- Government-wide: e.g. PII and "OPM Data Breach"
- e.g. 2:
- Importance:
- National trust: discussion
  o impact
  o consequences
  o priority
- National security: discussion
  o impact
  o consequences
  o priority
- Personal: discussion
  o impact
  o responsibility
  o accountability
  o consequences

Learning Objectives:
- Develop motivation for CUI practices
- Understand purpose, goals and objectives, the arguments, raisons d'etre for why CUI is important

Delivery (Bloom's Taxonomy):
- Knowledge, comprehension, application

Test/Measures (Kirkpatrick [3]-Bloom's level):
- no testing recommended

Purpose, Goals and Objectives:
- Executive Order
- Understand the arguments and raisons d'etre for why CUI is important

[2] Curriculum Design Standards: are intended to provide Executive Branch agencies a clear definition and guidance to achieve compliant basic CUI training.

[3] Kirkpatrick (Evaluation) Model: The four-level evaluation model focuses on 1) reaction (did you "like" the instructor, material, setting etc.), 2) learning (what and how much did you learn, knowledge), 3) behavior (did it impart application skills & abilities), and 4) results (what were the outcomes to a business, society etc.). CUI focus is on two (learning) and 3 (behavior).

Basic Training Recommendations    Page 2 of 10

Concepts and Terminology: CUI Category and Subcategory

CUI Category and Subcategory:
- Definition
- Each based on regulation, law, government-wide policy and or judicial position
- Understand that there's now a clear definition of sensitive information
- Ex 1 (Basic): description, use, importance, marking syntax
- Ex 2 (Specified): description, use, importance, marking syntax

Learning Objectives:
- Understand the concept of sensitive information categories and subcategories.

Delivery (Bloom's Taxonomy):
- Knowledge, comprehension

Test/Measures (Kirkpatrick-Bloom's level):
- Knowledge, comprehension

Concepts and Terminology: Lawful Government Purpose

Learning Objectives:
- Understanding the foundational concept "lawful Government purpose."

Delivery (Bloom's Taxonomy):
- Knowledge, comprehension

Test/Measures (Kirkpatrick-Bloom's level):
- Knowledge, comprehension

Lawful Government Purpose
- Definition
- Examples

Concepts and Terminology: Other Important Concepts

Authorized Holder
- definition
- examples

Media: information storage and transport media
- definition
- example

Legacy Information
- definition
- examples
- special considerations when information is not being shared

Learning Objectives:
- Know other key concepts, terms and be able to give examples

Delivery (Bloom's Taxonomy):
- Knowledge, comprehension

Test/Measures (Kirkpatrick-Bloom's level):
- Knowledge, comprehension

Authority: Agency Policy

Agency CUI Policy: purpose, key differences
- Most important authority for users and managers
- Similarities with Federal Policy
- Differences from Federal guidance: articulated
  o Agency's business, like: telework, BYOD
  o Specific Roles & Responsibilities
  o Agency's Decontrol policy and processes
  o Agency's Destruction policy and processes
  o Agency training is primarily linked to agency policy
- Policy location and access
- Agency policy flexibility

Learning Objectives:
- Understanding that the agency policy is the most important authority and that it clarifies roles, responsibilities, processes and procedures

Delivery (Bloom's Taxonomy):
- Knowledge, comprehension

Test/Measures (Kirkpatrick-Bloom's level):
- Knowledge, comprehension

Authority: Other Policies and Guidance

Executive Order 13556: description, goals, sponsor, why it came about
32 CFR, Part 2002, Controlled Unclassified Information (CUI), September 14, 2016: description, goals, sponsor
CUI Notice 2016-01: Implementation Guidance for the Controlled Unclassified Information (CUI) Program, September 14, 2016: description, goals, sponsor
For guidance & answers to questions: Agency Policy, CUI POC

Learning Objectives:
- Know the foundational policies that support an agency's policy
- Know their respective messages and scope

Delivery (Bloom's Taxonomy):
- Knowledge

Test/Measures (Kirkpatrick-Bloom's level):
- no testing recommended

Governance & CUI Organizational Structures:

Federal: Federal CUI Executive Agent's
- Authorities
- Roles
- Governance Responsibilities

Agency:
- Authorities
- Roles
  o Senior Agency Official (SAO)
  o Agency CUI Program Manager
- Governance Responsibilities
- Clarified in the agency's CUI Policy
- Lines of communication: who & how to contact

Business Program: authorities, roles & responsibilities
- Authorities
- Roles
- Governance Responsibilities

Personal:
- Authorities
- Roles
- Governance Responsibilities

For guidance & answers to questions: Agency Policy, CUI POC

Learning Objectives:
- Know the respective CUI Program's organizational domain authorities, roles and responsibilities, including the individual's authorities, roles and responsibilities.

Delivery (Bloom's Taxonomy):
- Knowledge, comprehension

Test/Measures (Kirkpatrick-Bloom's level):
- Knowledge, comprehension

Resources/Professional Tools: Registry

Purpose: Know its CUI Program function and that it's a business support tool
Content: Know the Registry's content
- Sensitive information categories and subcategories
- Authorities (law, regulation, government-wide policy and or judicial position)
- "Basic" or "Specified" concepts
- Markings (basic or specified)
- Dissemination indicators
Ownership: describe NARA-ISOO ownership & maintenance responsibilities
Location: describe website & URL
Access & Use: describe & demonstrate basic access and navigation
For guidance & answers to questions: Agency Policy, CUI POC

Learning Objectives:
- Understand and use the CUI Registry

Delivery (Bloom's Taxonomy):
- Knowledge, comprehension, application

Test/Measures (Kirkpatrick-Bloom's level):
- Knowledge, comprehension

Resources/Professional Tools: Marking Handbook

Purpose: describe its business function (that it's the CUI business support tool)
Content: describe information and [content] elements
- Category
- Authority (law, regulation or government-wide policy)
- Marking (basic and specified markings)
- Dissemination indicators
Ownership: describe NARA-ISOO ownership & maintenance responsibilities
Location & access:
- describe website (URL)
- describe access
- describe organization & navigation

Learning Objectives:
- Understand and use the Marking Handbook

Delivery (Bloom's Taxonomy):
- Knowledge, comprehension, some application

Test/Measures (Kirkpatrick-Bloom's level):
- Knowledge, comprehension

Handling: Basic Marking

Learning Objectives:
- Know, understand and use basic marking concepts

Delivery (Bloom's Taxonomy):
- Knowledge, comprehension, basic application

Test/Measures (Kirkpatrick-Bloom's level):
- Knowledge, comprehension

Definition: Basic marking concepts
- Marking Syntax (banner)
- Basic and Specified Markings
- Marking with Dissemination
Resource for guidance: Marking Handbook

Relationships: CUI and Other IRM Program

Summary of other IRM programs
- Information Assurance
- Privacy
- Records Management
Commonalities: purpose, points of interaction
Differences: purpose, objectives, requirements
For guidance & answers to questions: Agency Policy, CUI POC

Learning Objectives:
- Know and understand important program relationships with other IRM programs

Delivery (Bloom's Taxonomy):
- Knowledge, comprehension

Test/Measures (Kirkpatrick-Bloom's level):
- Knowledge

Relationships: CUI and Classified Program

Summary definition
Commonalities:
- Purpose
Differences:
- Purpose
- Comingled markings (an advanced topic not addressed)
For guidance & answers to questions: Agency Policy, CUI POC

Learning Objectives:
- Recognize and understand the important program relationship

Delivery (Bloom's Taxonomy):
- Knowledge

Test/Measures (Kirkpatrick-Bloom's level):
- no testing recommended

Relationships: CUI and Information Assurance

Definition: summarized definition
Commonalities: purpose, standards, practices, points of interaction
Differences: purpose, objectives, other requirements
No contradiction, they complement regarding program mandates
For more complicated issues knowing where to get guidance and answers to questions: Agency Policy and Program (Security and CUI) POCs

Learning Objectives:
- Recognize and understand the important program relationship

Delivery (Bloom's Taxonomy):
- Knowledge, comprehension

Test/Measures (Kirkpatrick-Bloom's level):
- Knowledge, comprehension

Safeguarding:

Definition: summarized definition
Purpose
Guidance (standards)
Points of interaction
- Know that the same roles, responsibilities and personal due diligence principles are articulated by the Security and PII Program's
For more complicated issues knowing where to get guidance and answers to questions: Agency Policy and Program (Security and CUI) POCs

Learning Objectives:
- Recognize and understand the employee's roles, responsibilities and due diligence required
- Know that the same roles, responsibilities and personal due diligence principles are articulated by the Security and PII Program's

Delivery (Bloom's Taxonomy):
- Knowledge, comprehension

Test/Measures (Kirkpatrick-Bloom's level):
- Knowledge, comprehension

Relationships: CUI and Record Management

Relationship: summarized
Commonalities: purpose, standards, points of interaction
Differences: purpose, objectives, requirements
Guidance & Answers: resources, POC
Some CUI may take the form of a record
For more complicated issues knowing where to get guidance and answers to questions: Agency Policy and Program (CUI and Security) POCs

Learning Objectives:
- Recognize and understand the commonalities, differences and shared responsibilities.
- Understand that one of several types of CUI is records. Know that the same roles, responsibilities and personal due diligence principles are articulated by the Records Management Program

Delivery (Bloom's Taxonomy):
- Knowledge, comprehension

Test/Measures (Kirkpatrick-Bloom's level):
- Knowledge, comprehension

Relationships: CUI and FOIA

Definition: summarized definition
Commonalities: purpose, points of interaction
Differences: summary of FOIA exemptions
For more complicated issues knowing where to get guidance and answers to questions: Agency Policy and Program (CUI and FOIA) POCs

Learning Objectives:
- Understanding of important program relationship

Delivery (Bloom's Taxonomy):
- Knowledge, comprehension

Test/Measures (Kirkpatrick-Bloom's level):
- Knowledge
