Controlled Unclassified Information (CUI)

Controlled Unclassified Information (CUI) is information that requires safeguarding or dissemination controls pursuant to and consistent with applicable law, regulations, and government-wide policies but is not classified under Executive Order 13526 or the Atomic Energy Act, as amended.

Executive Order 13556, "Controlled Unclassified Information" (the Order), establishes a program for managing CUI across the Executive branch and designates the National Archives and Records Administration (NARA) as Executive Agent to implement the Order and oversee agency actions to ensure compliance. Prior to EO 13556, there were more than 100 different markings for such information across the executive branch, including ad hoc, agency-specific approaches that unnecessarily restricted information-sharing.

32 CFR Part 2002 "Controlled Unclassified Information" was issued to establish a uniform policy for agencies on designating, safeguarding, disseminating, marking, decontrolling, and disposing of CUI, self-inspection and oversight requirements, and other facets of the Program. The rule affects Federal executive branch agencies that handle CUI and all organizations (sources) that handle, possess, use, share, or receive CUI—or which operate, use, or have access to Federal information and information systems on behalf of an agency. The rule therefore applies to the University when we are given access to, or generate, CUI.

The CUI Registry is the Government-wide online repository for Federal-level guidance regarding CUI policy and practice. It lists the CUI Categories, Subcategories and change log.

CUI is not to be confused with the three most sensitive categories of government classification: “confidential”, “secret” and “top secret”. These categories refer to types of information that could cause damage, serious damage or exceptionally grave damage if they were released and if they fell into the hands of adversaries.

Examples

  • Privacy-Health Information (HLTH)
  • Critical Infrastructure
  • Covered Defense Information (CDI)
  • Proprietary Business Information-Manufacturer

Laws/Regulations/Policies

Code of Federal Regulations (CFR) Part 2002, Controlled Unclassified Information Program

Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting

DFARS 252.204-7020, NIST SP 800-171 DoD Assessment Requirements

National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 Rev. 2

DFARS 252.204-7021, Cybersecurity Maturity Model Certification (CMMC) Requirements

Additional Resources

NSF Identifying and Protecting Controlled Unclassified Information (CUI)

National Archives CUI Policy and Guidance

National Archives CUI Category List

Protection Level

P4