What is cui specified

Overview

Controlled Unclassified Information (CUI) Specified is a category of information used by the United States federal government to designate unclassified documents and materials that require specific safeguarding and handling procedures. Unlike classified information (such as Secret or Top Secret), CUI Specified is not classified but still requires protection due to its sensitive nature. The framework for CUI was established by Executive Order 13556 signed in 2010 and is administered by the National Archives and Records Administration (NARA).

What is CUI Specified?

CUI Specified refers to unclassified information that belongs to a specific category of controlled information. These categories include information that could cause harm if released without proper safeguards. Examples include export-controlled technical information and cryptography, law enforcement sensitive records, proprietary business information and trade secrets, personally identifiable information (PII) and health records, and details related to critical infrastructure and cybersecurity.

Categories and Examples

The CUI program recognizes several categories of information that require protection. Export Control Information includes technical data and cryptographic information restricted by federal regulations. Law Enforcement Sensitive covers investigative records, witness information, and sensitive investigative techniques. Proprietary Information includes trade secrets and business confidential information. Personal Information encompasses personally identifiable information, health records, and financial data. Critical Infrastructure Information covers security information about power plants, water systems, and telecommunications networks.

Marking and Handling Requirements

Documents containing CUI Specified must be clearly marked with the designation "CUI" along with the specific category of the information. Standard markings appear on the cover page and each page containing CUI material. Government employees and contractors must adhere to specific handling procedures, including secure storage in locked containers, encrypted transmission via approved channels, and certified destruction at the end of use.

Who Can Access CUI Specified?

Access to CUI Specified information is more flexible than classified information. While only government employees with appropriate security clearances can access classified material, CUI Specified can be shared with cleared contractors, state and local government officials, and in some cases international partners under specific agreements. However, access is always limited to those with a documented need to know for official purposes.

Compliance and Oversight

Federal agencies must maintain detailed records of CUI access and implement safeguarding measures appropriate to the category level. Mishandling or unauthorized disclosure of CUI Specified can result in administrative disciplinary actions, removal from federal service, or criminal penalties depending on severity. All federal employees receive mandatory training on CUI requirements and their responsibilities in protecting sensitive unclassified information.