slide1
Download
Skip this Video
Download Presentation
Controlled Unclassified Information (CUI), the New Marking System: What\'s Ahead for DoD and DTIC?

Loading in 2 Seconds...

play fullscreen
1 / 39

Controlled Unclassified Information (CUI), the New Marking System: What's Ahead for DoD and DTIC? - PowerPoint PPT Presentation


  • 310 Views
  • Uploaded on

Controlled Unclassified Information (CUI), the New Marking System: What\'s Ahead for DoD and DTIC? April 6, 2009 Ms. Roberta Schoen. Controlled Unclassified Information (CUI), the New Marking System: What\'s Ahead for DoD and DTIC?. Ms. Deborah Ross

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Controlled Unclassified Information (CUI), the New Marking System: What's Ahead for DoD and DTIC?' - joelle-kirkland


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1

Controlled Unclassified Information (CUI), the New Marking System:

What\'s Ahead for DoD and DTIC?

April 6, 2009

Ms. Roberta Schoen

controlled unclassified information cui the new marking system what s ahead for dod and dtic
Controlled Unclassified Information (CUI), the New Marking System: What\'s Ahead for DoD and DTIC?

Ms. Deborah Ross

Deputy Director, Information Security Policy

Office of the Under Secretary of Defense (Intelligence)

Ms. Roberta Schoen

Director of Operations

Defense Technical Information Center

controlled unclassified information cui

Controlled Unclassified Information (CUI)

Deborah RossDeputy Director, Information Security PolicyOffice of the Under Secretary of Defense (Intelligence)

6 April 2009

overview
Overview
  • Standardization Needed
  • Authorities
  • CUI Criteria
  • Markings
  • Exceptions
  • Governance Structure
  • CUI Council
  • National Actions
  • National FY09 Priorities
overview1
Overview
  • National Timeline
  • Guiding Principles
  • DoD Actions
standardization needed
Standardization Needed
  • CUI is shared according to an ungoverned body of policies and practices thatconfuse both its producers and users
  • Across the Federal Government there are at least 107 unique markings and over 130 different labeling or handling processes and proceduresfor CUI
  • Inconsistency in CUI policies increases the likelihood of erroneous handling and dissemination of information
  • Inconsistency in CUI policies hampers the sharing of information across the US Government and with State, Local, and Tribal entities.
authority
Authority
  • Section 1016 of the Intelligence Reform Terrorism Prevention Act (IRTPA)
    • The President shall:
      • create an information sharing environment (ISE)
      • ensure that the ISE provides and facilitates the means for sharing information among all appropriate entities through the use of policy guidelines and technologies
authority1
Authority
  • Guideline 3, Presidential Memorandum, December 16, 2005

“To promote and enhance the effective and efficient acquisition, access, retention, production, use, management, and sharing of sensitive but unclassified (SBU) information, including homeland security information, law enforcement information, and terrorism information, procedures and standards for designating, marking, and handling SBU information (collectively “SBU procedures”) must be standardized across the Federal government.”

-Guideline 3, December 16, 2005 Presidential Memorandum

authority2
Authority
  • Presidential Memorandum, May 9, 2008, Designation and Sharing of Controlled Unclassified Information
    • Replaces the term SBU with CUI
    • Defines CUI
  • “Unclassified information that does not meet the standard for National Security Classification under Executive Order 12958, as amended, but is pertinent to the national interest of the United States or originated by entities outside the U.S. Federal government, and under law or policy requires protection from disclosure, special handling safeguards, and prescribed limits on exchange or dissemination”
          • - Presidential Memorandum, May 9, 2008, Designation and Sharing of Controlled Unclassified Information
authority3
Authority
  • Establishes a new CUI Framework
  • Standardizes practices to improve information sharing
  • Designates the National Archives and Records Administration (NARA) as the Executive Agent to oversee and implement
cui criteria
CUI Criteria
  • Information shall be designated as CUI based on
    • Statute, or
    • Agency head determination
  • Information shall not be designated as CUI
    • To conceal violations of law, inefficiency, or administrative error;
    • To prevent embarrassment to the US Government, any US official, organization, or agency;
cui criteria1
CUI Criteria
  • To improperly or unlawfully interfere with competition;
  • To prevent or delay the release of information that does not require such protection;
  • If it is required by statute or Executive Order to be made available to the public; or
  • If it has been released to the public under proper authority.
markings
Markings
  • CUI Markings
    • Two safeguarding levels: Controlled or Controlled Enhanced
    • Two dissemination levels: Standard or Specified
    • Overall CUI marking will convey the safeguarding and dissemination levels of the document
    • All CUI will carry one of three overall markings
markings1
Markings
  • CONTROLLED WITH STANDARD DISSEMINATION
  • CONTROLLED WITH SPECIFIED DISSEMINATION
  • CONTROLLED ENHANCED WITH SPECIFIED DISSEMINATION
exceptions
Exceptions
  • CUI Exceptions
    • CUI Framework shall be used for excepted information to the maximum extent possible
    • CUI Framework shall not interfere with regulatory requirements for marking, safeguarding, and disseminating
    • Exceptions will be listed on a CUI Register
    • Any regulatory marking shall follow the most applicable CUI safeguarding marking along with a specified dissemination instruction
exceptions1
Exceptions
  • Known Exceptions include:
    • 6 CFR Pt. 29 - PCII (Protected Critical Infrastructure Information)
    • 49 CFR Pts, 15 (DOT) & 1520 (DHS/Transportation Security Administration) - SSI (Sensitive Security Information)
    • 6 CFR Pt. 27 - CVI (Chemical Vulnerability Information)
    • 10 CFR Pt. 73 - SGI (Safeguards Information)
governance structure
Governance Structure
  • CUI Governance Structure:
    • CUI Executive Agent – NARA
    • CUI Council – Membership drawn from within the existing Information Sharing Council
    • Departments and Agencies – Responsible for implementing and overseeing compliance with the CUI Framework
national actions
National Actions
  • National actions since May 9, 2008:
    • May 21, 2008: Archivist of the United States established the CUI Office
    • June 30, 2008: Director of CUI Office sent a letter out to Departments and Agencies introducing the Executive Agent and tentative plans for implementation of the Framework
national actions1
National Actions
  • July 9, 2008: PM-ISE activated the CUI Council as a subcommittee of the Information Sharing Council (ISC) and requested designees
  • August 2008: CUI Office launched its website at www.archives.gov/CUI
  • September 2008: CUI EA began developing implementing guidance
national level fy09 priorities
National-Level FY09 Priorities
  • National-level FY09 Priorities:
    • Develop a Centralized Implementation Plan
      • Set priorities for implementation
      • Establish milestones for alignment to CUI Framework
      • Establish training schedule
    • Develop Implementation Policies
      • Define Safeguarding Standards
      • Define Department/Agency CUI Dissemination Policies
national level fy09 priorities1
National-Level FY09 Priorities
    • Develop detailed guidance on CUI life cycle, portion marking, and application of CUI Framework to archived information
    • Establish Centralized CUI Training (CUI 101)
  • Begin to Develop Department/Agency-specific Implementation Plan
    • Establish Department/Agency-specific CUI Training (CUI 201)
slide22

CUI Framework Implementation Timeline Overview (as of 11/17/08)

Guiding Documents

CUI Council Meetings

CUI

Council

Initial

Meeting

Aug 21

Every 3rd

Thurs as

needed

Stand-up

CUIC

Sep 18

CUIC VM

Nov 19

Full

Implementation

of CUI Framework

May 2013

Departments

& Agencies

Identify reps

Outreach Phase

Department &

Agencies submit

Plans to CUIO

Data call

due

Sep 8

CUIC

Oct 16

CUIC

Dec 4

Planning Phase

Implementation Phase

Date May 08 Jun Jul Aug Sep 08 Oct Nov Dec 08………Sep 09 Oct 09 Oct 10 Oct 11 Oct 12

FY 08FY09 FY10 FY 11 FY12 FY 13

Phase Stand-up Initial Outreach Planning Implementation – Phase I Implementation – Phase II

Dept

Agency

Letter

Jun 27

FY10

FY11

FY12 – FY 13

FY09

Monitor Department &

Agency compliance with

CUI policy, standards,

and markings

Evaluate effectiveness of

CUI Implementation

Policy and Guidance

Update Policy and

Guidance as necessary

Annual Report

Alignment of Policy Markings

with Exceptions

Alignment of Regulatory

Markings

Confirm necessary changes

to regulation and statute

Annual Report

Presidential

CUI Memo

May 9

NARA

CUI Memo

May 21

CUIO

at PM-

ISE PR

Aug 28

Finalize Department & Agency

Plans

Activate Registry

Initiate CUI 201Training

Identify and designate CUI

Alignment of Policy-based

Markings

Begin federal rule-making

process

Annual Report

Milestones and Plan

Draft Implementing Guidance

Safeguarding

Dissemination

Designating

Marking

Initiate CUI 101Training

Design Registry

Review Department

& Agency Plans

Annual Report

CUI

Council

Letter

Jul 9

Background

CUI

Framework

May 20

CUIO

Review

Data call

Updates/

Outreach

CUIO

Brief to

ISC Jul 16

Outreach to

Departments

& Agencies

Jun-Aug

Updated

data call to

Departments

& Agencies

Aug 8

dod actions
DoD Actions
  • DoD Actions
    • Participating as a member of the CUI Council (OASD(NII)/DoD CIO primary, OUSD(I) alternate)
    • Leading a DoD CUI Task Force
    • Exploring enterprise solutions—Marking Software
    • Developing a DoD Transition Plan that addresses all DoD CUI
    • Planning resources
dod actions1
DoD Actions
  • Coordinating with Intelligence Community effort to avoid duplication and align implementation schedules
  • Informing DoD at large—
    • Joint OASD(NII)/DoD CIO and USD(I) memorandum
    • Currently staffing a USD(I) memorandum addressing status of national policy and existing DoD CUI policy
  • Positioning detailees at the NARA CUI Office to represent DoD interests
take aways
Take Aways
  • Do NOT implement the national level policy—continue to follow guidance in DoD 5200.1-R
  • Express your issues/ideas to your CUI representative within your DoD organization
  • If you are responsible for implementing within your organization begin planning implementation to include resources
controlled unclassified information cui the new marking system what s ahead for dod and dtic1
Controlled Unclassified Information (CUI), the New Marking System: What\'s Ahead for DoD and DTIC?

Controlled Unclassified Information:An STI View

April 6, 2009Roberta Schoen

slide28

General CUI Points

  • CUI is what used to be called “Sensitive But Unclassified (SBU)” or “Unclassified Limited” information
  • Most Scientific/Technical CUI will be at the Controlled Standard Dissemination or Controlled Specified level
  • Controlled Enhanced Standard Dissemination is handled in a more controlled manner than regular unclassified - for Witness Protection, etc.
slide29

General CUI Points

  • Memo signed by the White House in May 2008
  • National Archives and Records Administration (NARA) is the Executive Agent, ~23 agencies are in the discussions
  • Processes and markings are still “under construction”
  • 2010 Implementation for Intelligence Community
  • 2013 for the rest of DoD
slide30

Problems with Current System

  • At least 107 different markings across the government
  • The same marking sometimes means different things
    • “SBU”
    • “FOUO”
  • People don’t know the current marking rules for classified or controlled unclassified information
  • Markings are too restrictive for sharing
general
General
  • Note that DoD is only one of many agencies and Scientific/Technical Information is only one area of documents
  • Also Includes
    • Intelligence
    • Law enforcement
    • Acquisitions
    • Contracting
    • Personnel/Medical records
    • Operational Warfighter information
    • Etc.
general implementation
General Implementation
  • Secretary of Agency must submit dissemination markings to be registered
  • We are hoping that the first markings DoD will submit are from DoDD 5230.24, the STI markings
  • Document cover marking and possibly Portion marking
  • When a document is delimited, it does not automatically become Public Release – still needs PA Review
  • Money for conversion/implementation – so far, no new monies
  • Training – part of yearly security training for DoD, not clear about contractors
slide33

CAPCO Compliance

  • Controlled Access Program Coordinate Office (CAPCO)
    • Intelligence community office dealing with standards, markings, and metadata
    • Enterprise Marking Tool will be CAPCO-compliant
    • CUI markings will be added to the current CAPCO markings
progress so far
Progress So Far
  • NARA-level Subgroups include:
    • Safeguarding
    • Dissemination
    • Marking
    • Life Cycle
    • Exceptions
    • Dispute Resolution Process
  • DoD-level CUI meetings
  • DoD Enterprise Marking Tool Group
slide35

Some Outstanding Issues

  • Will this improve sharing?
  • Everything must be marked? Lists of laundry items in the field?
  • Will the proposed rules be too classification-based? (Too complicated?)
  • Who starts 2010 vs 2013? How handle in the interim when libraries receive both types of documents?
slide36

Issues Over Life Cycle

  • Conflict Resolution within DoD
  • Legacy documents
    • When do they need to be re-marked?
    • Will there be information on the document to tell when to de-limit?
    • DoD will need a cross-matching from old to new markings
  • Will there be a mandatory review over time?
  • Central Authority to tell when changed?
  • How handle Unclassified with no other markings? (Markings removed but not reviewed by PA yet)
slide37

Dissemination Markings

  • Reality is in the details…
    • How many and which current markings will be registered as legal Specified Dissemination markings?
  • Most items are supposed to be Standard Dissemination
    • For Official Use Only (FOUO)
    • Include Distribution F (always ask owner)?
    • Include Distribution C (Government and Contractor)?
slide38

Controlled Unclassified Information (CUI), the New Marking System: What’s Ahead for DOD and DTIC?

Questions?

points of contact
Points of Contact

Ms. Roberta Schoen

DTIC

(703) 767-8064, DSN: 427-8064

[email protected]

Ms. Deborah Ross

OUSD(I)

(703) 607-0323

[email protected]

ad