Controlled Unclassified Information (CUI), the New Marking System:
1 / 39

Controlled Unclassified Information (CUI), the New Marking System: What's Ahead for DoD and DTIC? - PowerPoint PPT Presentation

  • Uploaded on
  • Presentation posted in: General

Controlled Unclassified Information (CUI), the New Marking System: What's Ahead for DoD and DTIC? April 6, 2009 Ms. Roberta Schoen. Controlled Unclassified Information (CUI), the New Marking System: What's Ahead for DoD and DTIC?. Ms. Deborah Ross

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

Download Presentation

Controlled Unclassified Information (CUI), the New Marking System: What's Ahead for DoD and DTIC?

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

Controlled Unclassified Information (CUI), the New Marking System:

What's Ahead for DoD and DTIC?

April 6, 2009

Ms. Roberta Schoen

Controlled Unclassified Information (CUI), the New Marking System: What's Ahead for DoD and DTIC?

Ms. Deborah Ross

Deputy Director, Information Security Policy

Office of the Under Secretary of Defense (Intelligence)

Ms. Roberta Schoen

Director of Operations

Defense Technical Information Center

Controlled Unclassified Information (CUI)

Deborah RossDeputy Director, Information Security PolicyOffice of the Under Secretary of Defense (Intelligence)

6 April 2009


  • Standardization Needed

  • Authorities

  • CUI Criteria

  • Markings

  • Exceptions

  • Governance Structure

  • CUI Council

  • National Actions

  • National FY09 Priorities


  • National Timeline

  • Guiding Principles

  • DoD Actions

Standardization Needed

  • CUI is shared according to an ungoverned body of policies and practices thatconfuse both its producers and users

  • Across the Federal Government there are at least 107 unique markings and over 130 different labeling or handling processes and proceduresfor CUI

  • Inconsistency in CUI policies increases the likelihood of erroneous handling and dissemination of information

  • Inconsistency in CUI policies hampers the sharing of information across the US Government and with State, Local, and Tribal entities.


  • Section 1016 of the Intelligence Reform Terrorism Prevention Act (IRTPA)

    • The President shall:

      • create an information sharing environment (ISE)

      • ensure that the ISE provides and facilitates the means for sharing information among all appropriate entities through the use of policy guidelines and technologies


  • Guideline 3, Presidential Memorandum, December 16, 2005

    “To promote and enhance the effective and efficient acquisition, access, retention, production, use, management, and sharing of sensitive but unclassified (SBU) information, including homeland security information, law enforcement information, and terrorism information, procedures and standards for designating, marking, and handling SBU information (collectively “SBU procedures”) must be standardized across the Federal government.”

    -Guideline 3, December 16, 2005 Presidential Memorandum


  • Presidential Memorandum, May 9, 2008, Designation and Sharing of Controlled Unclassified Information

    • Replaces the term SBU with CUI

    • Defines CUI

  • “Unclassified information that does not meet the standard for National Security Classification under Executive Order 12958, as amended, but is pertinent to the national interest of the United States or originated by entities outside the U.S. Federal government, and under law or policy requires protection from disclosure, special handling safeguards, and prescribed limits on exchange or dissemination”

    • - Presidential Memorandum, May 9, 2008, Designation and Sharing of Controlled Unclassified Information


  • Establishes a new CUI Framework

  • Standardizes practices to improve information sharing

  • Designates the National Archives and Records Administration (NARA) as the Executive Agent to oversee and implement

CUI Criteria

  • Information shall be designated as CUI based on

    • Statute, or

    • Agency head determination

  • Information shall not be designated as CUI

    • To conceal violations of law, inefficiency, or administrative error;

    • To prevent embarrassment to the US Government, any US official, organization, or agency;

CUI Criteria

  • To improperly or unlawfully interfere with competition;

  • To prevent or delay the release of information that does not require such protection;

  • If it is required by statute or Executive Order to be made available to the public; or

  • If it has been released to the public under proper authority.


  • CUI Markings

    • Two safeguarding levels: Controlled or Controlled Enhanced

    • Two dissemination levels: Standard or Specified

    • Overall CUI marking will convey the safeguarding and dissemination levels of the document

    • All CUI will carry one of three overall markings






  • CUI Exceptions

    • CUI Framework shall be used for excepted information to the maximum extent possible

    • CUI Framework shall not interfere with regulatory requirements for marking, safeguarding, and disseminating

    • Exceptions will be listed on a CUI Register

    • Any regulatory marking shall follow the most applicable CUI safeguarding marking along with a specified dissemination instruction


  • Known Exceptions include:

    • 6 CFR Pt. 29 - PCII (Protected Critical Infrastructure Information)

    • 49 CFR Pts, 15 (DOT) & 1520 (DHS/Transportation Security Administration) - SSI (Sensitive Security Information)

    • 6 CFR Pt. 27 - CVI (Chemical Vulnerability Information)

    • 10 CFR Pt. 73 - SGI (Safeguards Information)

Governance Structure

  • CUI Governance Structure:

    • CUI Executive Agent – NARA

    • CUI Council – Membership drawn from within the existing Information Sharing Council

    • Departments and Agencies – Responsible for implementing and overseeing compliance with the CUI Framework

National Actions

  • National actions since May 9, 2008:

    • May 21, 2008: Archivist of the United States established the CUI Office

    • June 30, 2008: Director of CUI Office sent a letter out to Departments and Agencies introducing the Executive Agent and tentative plans for implementation of the Framework

National Actions

  • July 9, 2008: PM-ISE activated the CUI Council as a subcommittee of the Information Sharing Council (ISC) and requested designees

  • August 2008: CUI Office launched its website at

  • September 2008: CUI EA began developing implementing guidance

National-Level FY09 Priorities

  • National-level FY09 Priorities:

    • Develop a Centralized Implementation Plan

      • Set priorities for implementation

      • Establish milestones for alignment to CUI Framework

      • Establish training schedule

    • Develop Implementation Policies

      • Define Safeguarding Standards

      • Define Department/Agency CUI Dissemination Policies

National-Level FY09 Priorities

  • Develop detailed guidance on CUI life cycle, portion marking, and application of CUI Framework to archived information

  • Establish Centralized CUI Training (CUI 101)

  • Begin to Develop Department/Agency-specific Implementation Plan

    • Establish Department/Agency-specific CUI Training (CUI 201)

  • CUI Framework Implementation Timeline Overview (as of 11/17/08)

    Guiding Documents

    CUI Council Meetings





    Aug 21

    Every 3rd

    Thurs as




    Sep 18


    Nov 19



    of CUI Framework

    May 2013


    & Agencies

    Identify reps

    Outreach Phase

    Department &

    Agencies submit

    Plans to CUIO

    Data call


    Sep 8


    Oct 16


    Dec 4

    Planning Phase

    Implementation Phase

    Date May 08 Jun Jul Aug Sep 08 Oct Nov Dec 08………Sep 09 Oct 09 Oct 10 Oct 11 Oct 12

    FY 08FY09 FY10 FY 11 FY12 FY 13

    Phase Stand-up Initial Outreach Planning Implementation – Phase I Implementation – Phase II




    Jun 27



    FY12 – FY 13


    Monitor Department &

    Agency compliance with

    CUI policy, standards,

    and markings

    Evaluate effectiveness of

    CUI Implementation

    Policy and Guidance

    Update Policy and

    Guidance as necessary

    Annual Report

    Alignment of Policy Markings

    with Exceptions

    Alignment of Regulatory


    Confirm necessary changes

    to regulation and statute

    Annual Report


    CUI Memo

    May 9


    CUI Memo

    May 21


    at PM-

    ISE PR

    Aug 28

    Finalize Department & Agency


    Activate Registry

    Initiate CUI 201Training

    Identify and designate CUI

    Alignment of Policy-based


    Begin federal rule-making


    Annual Report

    Milestones and Plan

    Draft Implementing Guidance





    Initiate CUI 101Training

    Design Registry

    Review Department

    & Agency Plans

    Annual Report




    Jul 9




    May 20



    Data call




    Brief to

    ISC Jul 16

    Outreach to


    & Agencies



    data call to


    & Agencies

    Aug 8

    Guiding Principles

    DoD Actions

    • DoD Actions

      • Participating as a member of the CUI Council (OASD(NII)/DoD CIO primary, OUSD(I) alternate)

      • Leading a DoD CUI Task Force

      • Exploring enterprise solutions—Marking Software

      • Developing a DoD Transition Plan that addresses all DoD CUI

      • Planning resources

    DoD Actions

    • Coordinating with Intelligence Community effort to avoid duplication and align implementation schedules

    • Informing DoD at large—

      • Joint OASD(NII)/DoD CIO and USD(I) memorandum

      • Currently staffing a USD(I) memorandum addressing status of national policy and existing DoD CUI policy

    • Positioning detailees at the NARA CUI Office to represent DoD interests

    Take Aways

    • Do NOT implement the national level policy—continue to follow guidance in DoD 5200.1-R

    • Express your issues/ideas to your CUI representative within your DoD organization

    • If you are responsible for implementing within your organization begin planning implementation to include resources

    Controlled Unclassified Information (CUI), the New Marking System: What's Ahead for DoD and DTIC?

    Controlled Unclassified Information:An STI View

    April 6, 2009Roberta Schoen

    General CUI Points

    • CUI is what used to be called “Sensitive But Unclassified (SBU)” or “Unclassified Limited” information

    • Most Scientific/Technical CUI will be at the Controlled Standard Dissemination or Controlled Specified level

    • Controlled Enhanced Standard Dissemination is handled in a more controlled manner than regular unclassified - for Witness Protection, etc.

    General CUI Points

    • Memo signed by the White House in May 2008

    • National Archives and Records Administration (NARA) is the Executive Agent, ~23 agencies are in the discussions

    • Processes and markings are still “under construction”

    • 2010 Implementation for Intelligence Community

    • 2013 for the rest of DoD

    Problems with Current System

    • At least 107 different markings across the government

    • The same marking sometimes means different things

      • “SBU”

      • “FOUO”

    • People don’t know the current marking rules for classified or controlled unclassified information

    • Markings are too restrictive for sharing


    • Note that DoD is only one of many agencies and Scientific/Technical Information is only one area of documents

    • Also Includes

      • Intelligence

      • Law enforcement

      • Acquisitions

      • Contracting

      • Personnel/Medical records

      • Operational Warfighter information

      • Etc.

    General Implementation

    • Secretary of Agency must submit dissemination markings to be registered

    • We are hoping that the first markings DoD will submit are from DoDD 5230.24, the STI markings

    • Document cover marking and possibly Portion marking

    • When a document is delimited, it does not automatically become Public Release – still needs PA Review

    • Money for conversion/implementation – so far, no new monies

    • Training – part of yearly security training for DoD, not clear about contractors

    CAPCO Compliance

    • Controlled Access Program Coordinate Office (CAPCO)

      • Intelligence community office dealing with standards, markings, and metadata

      • Enterprise Marking Tool will be CAPCO-compliant

      • CUI markings will be added to the current CAPCO markings

    Progress So Far

    • NARA-level Subgroups include:

      • Safeguarding

      • Dissemination

      • Marking

      • Life Cycle

      • Exceptions

      • Dispute Resolution Process

    • DoD-level CUI meetings

    • DoD Enterprise Marking Tool Group

    Some Outstanding Issues

    • Will this improve sharing?

    • Everything must be marked? Lists of laundry items in the field?

    • Will the proposed rules be too classification-based? (Too complicated?)

    • Who starts 2010 vs 2013? How handle in the interim when libraries receive both types of documents?

    Issues Over Life Cycle

    • Conflict Resolution within DoD

    • Legacy documents

      • When do they need to be re-marked?

      • Will there be information on the document to tell when to de-limit?

      • DoD will need a cross-matching from old to new markings

    • Will there be a mandatory review over time?

    • Central Authority to tell when changed?

    • How handle Unclassified with no other markings? (Markings removed but not reviewed by PA yet)

    Dissemination Markings

    • Reality is in the details…

      • How many and which current markings will be registered as legal Specified Dissemination markings?

    • Most items are supposed to be Standard Dissemination

      • For Official Use Only (FOUO)

      • Include Distribution F (always ask owner)?

      • Include Distribution C (Government and Contractor)?

    Controlled Unclassified Information (CUI), the New Marking System: What’s Ahead for DOD and DTIC?


    Points of Contact

    Ms. Roberta Schoen


    (703) 767-8064, DSN: 427-8064

    Ms. Deborah Ross


    (703) 607-0323

  • Login