Controlled Technical Information (CTI)

“Controlled technical information (CTI)” means technical information with military or space application that is subject to controls on the access, use, reproduction, modification, performance, display, release, disclosure, or dissemination. Controlled technical information is to be marked with one of the distribution statements B-through-F, in accordance with DoD Instruction 5230.24, Distribution Statements on Technical Documents. The term does not include information that is lawfully publicly available without restrictions.

CTI is a subcategory of Controlled Unclassified Information (CUI), which is defined as information the government owns or has created that needs to be safeguarded and disseminated using only controls consistent with government laws, regulations and policies.

Any contractors interested in doing business with the Department of Defense (DoD) must be certified by a CMMC Third-Party Assessment Organization (C3PAO) for Level 2 and Level 3. Level 2 aims to protect CUI data and includes security controls specified in NIST SP 800-171.

Examples

• Engineering drawings
• Configuration-management documentation
• Research and engineering data
• Standards
• Specifications
• Technical manuals, reports, orders
• Technical data packages
• Blueprints, plans, and instructions
• Computer software and computer software documentation
• Design analysis
• Test reports
• Cybersecurity plan
• IP addresses, nodes, links

Laws/Regulations/Policies

U.S. Department of Defense Instruction 5230.24: Distribution Statements on DoD Technical Information

National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 Rev. 2

Additional Resources

National Archives CUI Category: Controlled Technical Information

U.S. DoD CMMC Assessments Website

NSF Identifying and Protecting Controlled Unclassified Information (CUI)

Protection Level

P4