Covered Defense Information (CDI)
“Covered defense information (CDI)” means unclassified controlled technical information (CTI) or other information, as described in the Controlled Unclassified Information (CUI) Registry, that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Governmentwide policies, and is—
- Marked or otherwise identified in an agreement and provided to the contractor by or on behalf of the Department of Defense (DoD) in support of the performance of the agreement; or
- Collected, developed, received, transmitted, used, or stored by or on behalf of the contractor in support of the performance of the agreement. The term does not include information that is lawfully publicly available without restrictions. This same term is used in DFARS 252.204-7012.
Examples
- Technical drawings
- Blueprints
- Plans
- Reports
- Computer Software and documentation
Laws/Regulations/Policies
DFARS 252.204-7012: Safeguarding Covered Defense Information and Cyber Incident Reporting
U.S. Department of Defense Instruction 5230.24: Distribution Statements on DoD Technical Information
National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 Rev. 2
32 CFR Part 236: Department of Defense Industrial Base Cyber Security Activities
Additional Resources
National Archives CUI Category: Controlled Technical Information
U.S. DoD CMMC Assessments Website
NSF Identifying and Protecting Controlled Unclassified Information (CUI)
Safeguarding Covered Defense Information - The Basics
UCSC Controlled Unclassified Information (CUI)
UCSC Controlled Technical Information (CTI)
Protection Level