Controlled Unclassified Information (CUI), the New Marking System:
This presentation is the property of its rightful owner.
Sponsored Links
1 / 39

Controlled Unclassified Information (CUI), the New Marking System: What's Ahead for DoD and DTIC? PowerPoint PPT Presentation


  • 243 Views
  • Uploaded on
  • Presentation posted in: General

Controlled Unclassified Information (CUI), the New Marking System: What's Ahead for DoD and DTIC? April 6, 2009 Ms. Roberta Schoen. Controlled Unclassified Information (CUI), the New Marking System: What's Ahead for DoD and DTIC?. Ms. Deborah Ross

Download Presentation

Controlled Unclassified Information (CUI), the New Marking System: What's Ahead for DoD and DTIC?

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Controlled unclassified information cui the new marking system what s ahead for dod and dtic

Controlled Unclassified Information (CUI), the New Marking System:

What's Ahead for DoD and DTIC?

April 6, 2009

Ms. Roberta Schoen


Controlled unclassified information cui the new marking system what s ahead for dod and dtic

Controlled Unclassified Information (CUI), the New Marking System: What's Ahead for DoD and DTIC?

Ms. Deborah Ross

Deputy Director, Information Security Policy

Office of the Under Secretary of Defense (Intelligence)

Ms. Roberta Schoen

Director of Operations

Defense Technical Information Center


Controlled unclassified information cui

Controlled Unclassified Information (CUI)

Deborah RossDeputy Director, Information Security PolicyOffice of the Under Secretary of Defense (Intelligence)

6 April 2009


Overview

Overview

  • Standardization Needed

  • Authorities

  • CUI Criteria

  • Markings

  • Exceptions

  • Governance Structure

  • CUI Council

  • National Actions

  • National FY09 Priorities


Overview1

Overview

  • National Timeline

  • Guiding Principles

  • DoD Actions


Standardization needed

Standardization Needed

  • CUI is shared according to an ungoverned body of policies and practices thatconfuse both its producers and users

  • Across the Federal Government there are at least 107 unique markings and over 130 different labeling or handling processes and proceduresfor CUI

  • Inconsistency in CUI policies increases the likelihood of erroneous handling and dissemination of information

  • Inconsistency in CUI policies hampers the sharing of information across the US Government and with State, Local, and Tribal entities.


Authority

Authority

  • Section 1016 of the Intelligence Reform Terrorism Prevention Act (IRTPA)

    • The President shall:

      • create an information sharing environment (ISE)

      • ensure that the ISE provides and facilitates the means for sharing information among all appropriate entities through the use of policy guidelines and technologies


Authority1

Authority

  • Guideline 3, Presidential Memorandum, December 16, 2005

    “To promote and enhance the effective and efficient acquisition, access, retention, production, use, management, and sharing of sensitive but unclassified (SBU) information, including homeland security information, law enforcement information, and terrorism information, procedures and standards for designating, marking, and handling SBU information (collectively “SBU procedures”) must be standardized across the Federal government.”

    -Guideline 3, December 16, 2005 Presidential Memorandum


Authority2

Authority

  • Presidential Memorandum, May 9, 2008, Designation and Sharing of Controlled Unclassified Information

    • Replaces the term SBU with CUI

    • Defines CUI

  • “Unclassified information that does not meet the standard for National Security Classification under Executive Order 12958, as amended, but is pertinent to the national interest of the United States or originated by entities outside the U.S. Federal government, and under law or policy requires protection from disclosure, special handling safeguards, and prescribed limits on exchange or dissemination”

    • - Presidential Memorandum, May 9, 2008, Designation and Sharing of Controlled Unclassified Information


Authority3

Authority

  • Establishes a new CUI Framework

  • Standardizes practices to improve information sharing

  • Designates the National Archives and Records Administration (NARA) as the Executive Agent to oversee and implement


Cui criteria

CUI Criteria

  • Information shall be designated as CUI based on

    • Statute, or

    • Agency head determination

  • Information shall not be designated as CUI

    • To conceal violations of law, inefficiency, or administrative error;

    • To prevent embarrassment to the US Government, any US official, organization, or agency;


Cui criteria1

CUI Criteria

  • To improperly or unlawfully interfere with competition;

  • To prevent or delay the release of information that does not require such protection;

  • If it is required by statute or Executive Order to be made available to the public; or

  • If it has been released to the public under proper authority.


Markings

Markings

  • CUI Markings

    • Two safeguarding levels: Controlled or Controlled Enhanced

    • Two dissemination levels: Standard or Specified

    • Overall CUI marking will convey the safeguarding and dissemination levels of the document

    • All CUI will carry one of three overall markings


Markings1

Markings

  • CONTROLLED WITH STANDARD DISSEMINATION

  • CONTROLLED WITH SPECIFIED DISSEMINATION

  • CONTROLLED ENHANCED WITH SPECIFIED DISSEMINATION


Exceptions

Exceptions

  • CUI Exceptions

    • CUI Framework shall be used for excepted information to the maximum extent possible

    • CUI Framework shall not interfere with regulatory requirements for marking, safeguarding, and disseminating

    • Exceptions will be listed on a CUI Register

    • Any regulatory marking shall follow the most applicable CUI safeguarding marking along with a specified dissemination instruction


Exceptions1

Exceptions

  • Known Exceptions include:

    • 6 CFR Pt. 29 - PCII (Protected Critical Infrastructure Information)

    • 49 CFR Pts, 15 (DOT) & 1520 (DHS/Transportation Security Administration) - SSI (Sensitive Security Information)

    • 6 CFR Pt. 27 - CVI (Chemical Vulnerability Information)

    • 10 CFR Pt. 73 - SGI (Safeguards Information)


Governance structure

Governance Structure

  • CUI Governance Structure:

    • CUI Executive Agent – NARA

    • CUI Council – Membership drawn from within the existing Information Sharing Council

    • Departments and Agencies – Responsible for implementing and overseeing compliance with the CUI Framework


National actions

National Actions

  • National actions since May 9, 2008:

    • May 21, 2008: Archivist of the United States established the CUI Office

    • June 30, 2008: Director of CUI Office sent a letter out to Departments and Agencies introducing the Executive Agent and tentative plans for implementation of the Framework


National actions1

National Actions

  • July 9, 2008: PM-ISE activated the CUI Council as a subcommittee of the Information Sharing Council (ISC) and requested designees

  • August 2008: CUI Office launched its website at www.archives.gov/CUI

  • September 2008: CUI EA began developing implementing guidance


National level fy09 priorities

National-Level FY09 Priorities

  • National-level FY09 Priorities:

    • Develop a Centralized Implementation Plan

      • Set priorities for implementation

      • Establish milestones for alignment to CUI Framework

      • Establish training schedule

    • Develop Implementation Policies

      • Define Safeguarding Standards

      • Define Department/Agency CUI Dissemination Policies


National level fy09 priorities1

National-Level FY09 Priorities

  • Develop detailed guidance on CUI life cycle, portion marking, and application of CUI Framework to archived information

  • Establish Centralized CUI Training (CUI 101)

  • Begin to Develop Department/Agency-specific Implementation Plan

    • Establish Department/Agency-specific CUI Training (CUI 201)


  • Controlled unclassified information cui the new marking system what s ahead for dod and dtic

    CUI Framework Implementation Timeline Overview (as of 11/17/08)

    Guiding Documents

    CUI Council Meetings

    CUI

    Council

    Initial

    Meeting

    Aug 21

    Every 3rd

    Thurs as

    needed

    Stand-up

    CUIC

    Sep 18

    CUIC VM

    Nov 19

    Full

    Implementation

    of CUI Framework

    May 2013

    Departments

    & Agencies

    Identify reps

    Outreach Phase

    Department &

    Agencies submit

    Plans to CUIO

    Data call

    due

    Sep 8

    CUIC

    Oct 16

    CUIC

    Dec 4

    Planning Phase

    Implementation Phase

    Date May 08 Jun Jul Aug Sep 08 Oct Nov Dec 08………Sep 09 Oct 09 Oct 10 Oct 11 Oct 12

    FY 08FY09 FY10 FY 11 FY12 FY 13

    Phase Stand-up Initial Outreach Planning Implementation – Phase I Implementation – Phase II

    Dept

    Agency

    Letter

    Jun 27

    FY10

    FY11

    FY12 – FY 13

    FY09

    Monitor Department &

    Agency compliance with

    CUI policy, standards,

    and markings

    Evaluate effectiveness of

    CUI Implementation

    Policy and Guidance

    Update Policy and

    Guidance as necessary

    Annual Report

    Alignment of Policy Markings

    with Exceptions

    Alignment of Regulatory

    Markings

    Confirm necessary changes

    to regulation and statute

    Annual Report

    Presidential

    CUI Memo

    May 9

    NARA

    CUI Memo

    May 21

    CUIO

    at PM-

    ISE PR

    Aug 28

    Finalize Department & Agency

    Plans

    Activate Registry

    Initiate CUI 201Training

    Identify and designate CUI

    Alignment of Policy-based

    Markings

    Begin federal rule-making

    process

    Annual Report

    Milestones and Plan

    Draft Implementing Guidance

    Safeguarding

    Dissemination

    Designating

    Marking

    Initiate CUI 101Training

    Design Registry

    Review Department

    & Agency Plans

    Annual Report

    CUI

    Council

    Letter

    Jul 9

    Background

    CUI

    Framework

    May 20

    CUIO

    Review

    Data call

    Updates/

    Outreach

    CUIO

    Brief to

    ISC Jul 16

    Outreach to

    Departments

    & Agencies

    Jun-Aug

    Updated

    data call to

    Departments

    & Agencies

    Aug 8


    Guiding principles

    Guiding Principles


    Dod actions

    DoD Actions

    • DoD Actions

      • Participating as a member of the CUI Council (OASD(NII)/DoD CIO primary, OUSD(I) alternate)

      • Leading a DoD CUI Task Force

      • Exploring enterprise solutions—Marking Software

      • Developing a DoD Transition Plan that addresses all DoD CUI

      • Planning resources


    Dod actions1

    DoD Actions

    • Coordinating with Intelligence Community effort to avoid duplication and align implementation schedules

    • Informing DoD at large—

      • Joint OASD(NII)/DoD CIO and USD(I) memorandum

      • Currently staffing a USD(I) memorandum addressing status of national policy and existing DoD CUI policy

    • Positioning detailees at the NARA CUI Office to represent DoD interests


    Take aways

    Take Aways

    • Do NOT implement the national level policy—continue to follow guidance in DoD 5200.1-R

    • Express your issues/ideas to your CUI representative within your DoD organization

    • If you are responsible for implementing within your organization begin planning implementation to include resources


    Controlled unclassified information cui the new marking system what s ahead for dod and dtic1

    Controlled Unclassified Information (CUI), the New Marking System: What's Ahead for DoD and DTIC?

    Controlled Unclassified Information:An STI View

    April 6, 2009Roberta Schoen


    Controlled unclassified information cui the new marking system what s ahead for dod and dtic

    General CUI Points

    • CUI is what used to be called “Sensitive But Unclassified (SBU)” or “Unclassified Limited” information

    • Most Scientific/Technical CUI will be at the Controlled Standard Dissemination or Controlled Specified level

    • Controlled Enhanced Standard Dissemination is handled in a more controlled manner than regular unclassified - for Witness Protection, etc.


    Controlled unclassified information cui the new marking system what s ahead for dod and dtic

    General CUI Points

    • Memo signed by the White House in May 2008

    • National Archives and Records Administration (NARA) is the Executive Agent, ~23 agencies are in the discussions

    • Processes and markings are still “under construction”

    • 2010 Implementation for Intelligence Community

    • 2013 for the rest of DoD


    Controlled unclassified information cui the new marking system what s ahead for dod and dtic

    Problems with Current System

    • At least 107 different markings across the government

    • The same marking sometimes means different things

      • “SBU”

      • “FOUO”

    • People don’t know the current marking rules for classified or controlled unclassified information

    • Markings are too restrictive for sharing


    General

    General

    • Note that DoD is only one of many agencies and Scientific/Technical Information is only one area of documents

    • Also Includes

      • Intelligence

      • Law enforcement

      • Acquisitions

      • Contracting

      • Personnel/Medical records

      • Operational Warfighter information

      • Etc.


    General implementation

    General Implementation

    • Secretary of Agency must submit dissemination markings to be registered

    • We are hoping that the first markings DoD will submit are from DoDD 5230.24, the STI markings

    • Document cover marking and possibly Portion marking

    • When a document is delimited, it does not automatically become Public Release – still needs PA Review

    • Money for conversion/implementation – so far, no new monies

    • Training – part of yearly security training for DoD, not clear about contractors


    Controlled unclassified information cui the new marking system what s ahead for dod and dtic

    CAPCO Compliance

    • Controlled Access Program Coordinate Office (CAPCO)

      • Intelligence community office dealing with standards, markings, and metadata

      • Enterprise Marking Tool will be CAPCO-compliant

      • CUI markings will be added to the current CAPCO markings


    Progress so far

    Progress So Far

    • NARA-level Subgroups include:

      • Safeguarding

      • Dissemination

      • Marking

      • Life Cycle

      • Exceptions

      • Dispute Resolution Process

    • DoD-level CUI meetings

    • DoD Enterprise Marking Tool Group


    Controlled unclassified information cui the new marking system what s ahead for dod and dtic

    Some Outstanding Issues

    • Will this improve sharing?

    • Everything must be marked? Lists of laundry items in the field?

    • Will the proposed rules be too classification-based? (Too complicated?)

    • Who starts 2010 vs 2013? How handle in the interim when libraries receive both types of documents?


    Controlled unclassified information cui the new marking system what s ahead for dod and dtic

    Issues Over Life Cycle

    • Conflict Resolution within DoD

    • Legacy documents

      • When do they need to be re-marked?

      • Will there be information on the document to tell when to de-limit?

      • DoD will need a cross-matching from old to new markings

    • Will there be a mandatory review over time?

    • Central Authority to tell when changed?

    • How handle Unclassified with no other markings? (Markings removed but not reviewed by PA yet)


    Controlled unclassified information cui the new marking system what s ahead for dod and dtic

    Dissemination Markings

    • Reality is in the details…

      • How many and which current markings will be registered as legal Specified Dissemination markings?

    • Most items are supposed to be Standard Dissemination

      • For Official Use Only (FOUO)

      • Include Distribution F (always ask owner)?

      • Include Distribution C (Government and Contractor)?


    Controlled unclassified information cui the new marking system what s ahead for dod and dtic

    Controlled Unclassified Information (CUI), the New Marking System: What’s Ahead for DOD and DTIC?

    Questions?


    Points of contact

    Points of Contact

    Ms. Roberta Schoen

    DTIC

    (703) 767-8064, DSN: 427-8064

    [email protected]

    Ms. Deborah Ross

    OUSD(I)

    (703) 607-0323

    [email protected]


  • Login