Definition
Controlled Unclassified Information (CUI) is information that requires safeguarding or dissemination controls pursuant to law, regulation, or government-wide policy, but is not classified under Executive Order 13526. Established by Executive Order 13556, the CUI program standardizes how executive branch agencies handle unclassified information that requires protection. CUI categories include export controlled technical data, law enforcement sensitive information, privacy information, proprietary business information, and critical infrastructure information. When contractors receive CUI from the government or create CUI in contract performance, they must implement appropriate safeguards (typically NIST 800-171 for DOD contracts). CUI is marked with standardized markings and must be protected throughout its lifecycle.
Also Known As
- Sensitive But Unclassified
- FOUO
- For Official Use Only
Examples
Common Mistakes to Avoid
- ✕Treating all contractor data as CUI (only specific categories qualify)
- ✕Not recognizing legacy markings that now map to CUI
- ✕Assuming CUI handling stops at contract completion (retention and destruction requirements apply)
Who Should Know This Term
All government contractors, security officers, records managers, IT administrators
Official Source
32 CFR Part 2002