What is Controlled Unclassified Information (CUI)?

CUI stands for controlled unclassified information. It’s information that:

  • The government owns or creates.
  • Requires safeguarding or distribution controls that are consistent with applicable regulations, laws, and government-wide policies. 

CUI is neither classified information in the traditional sense nor corporate intellectual property—unless it’s created for or related to a government contract. The CUI program exists because federal agencies create, store, share, and use information that isn’t classified but still needs to be protected from unauthorized release and access.

DFARS Compliance Solutions

For manufacturers: Check out our list of DFARS solutions 

Related Information

 To learn more, check out some of our background information for contractors with CUI:

What is CUI Basic?

In this subset of CUI, the authorizing law, regulation, or government-wide policy does not set out specific handling or distribution controls. Instead, agencies process CUI Basic according to the controls described in the DoD CUI Registry and DoDI 5200.48. All DoD information is protected by requirements described under Basic-level safeguards and distribution policies, unless they are identified otherwise in a regulation, law, or government-wide policy.

Agencies handle CUI Basic as described by the uniform controls provided in this part and in the CUI Registry.

New Cyber Security Services

 Learn about our new security and compliance offerings

Related Information:

What is CUI Specified? 

In controlled unclassified information (CUI) Specified data, the authorizing regulation, law, or government policies contain specific handling controls, which differ from those for CUI Basic. 

CUI Specified data is a subgroup of CUI.  in which the authorizing laws, regulations, or government policies contain specific handling rules that it permits or requires agencies to use. The CUI Registry indicates which regulations, laws, and government policies include these specific requirements.

New Cyber Security Services

 Read about our new security and compliance offerings

CUI Specified Resources: 

  • Background information about CUI Specified from government archives.
  • Lists of CUI categories.

Where should DOD employees look for guidance about safeguarding CUI? 

DIB contractors who want guidance about protecting CUI have several choices, which include:

  • Their prime (if they have one). 
  • Their agency contracting officer.
  • The CMMC Accredidation Board. 
  • A trusted partner, who understands the CMMC PROCESS and how to protect CUI.

Looking for help safeguarding your CUI?

To ask about our CUI services, contact our compliance specialists at [info@domain].

Here’s more information about protecting CUI:

Get in Touch with TSI

If an experienced, highly qualified and motivated IT support team sounds like just what your business needs, then the next step is to schedule a getting-to-know you call. We’ll learn about your business. You’ll learn about how we work. We’ll find out if we’re a good fit to work together.

Related FAQ

What is CMMC 2.0 and how can I become CMMC 2.0 compliant?

The Cybersecurity Maturity Model Certification (CMMC) is a new requirement for existing U.S. Department of Defense contractors ...
Read More