Controlled Unclassified Information

Categories of CUI

*not every category and authority listed is applicable to ODU*

  • Critical Infrastructure
  • Defense
  • Export Control
  • Financial & Tax
  • Immigration
  • Intelligence
  • International Agreements
  • Law Enforcement
  • Legal
  • Natural & Cultural Resources
  • NATO
  • Nuclear
  • Patent
  • Privacy
  • Procurement & Acquisition
  • Proprietary Business Information
  • Statistical
  • Tax
  • Transportation

A complete list of categories, sub-categories, and descriptions can be found at http://www.dodcui.mil/

What is CUI?

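Controlled Unclassified Information (CUI) is a category of unclassified information within the U.S. Federal Government that requires safeguarding or dissemination controls pursuant to applicable laws, regulations, and government-wide policies but is not classified under Executive Order 13526 or the Atomic Energy Act, as amended. The CUI program was created by Executive Order 13556, which established a program for managing CUI across the Executive branch and designated the National Archives and Records Administration (NARA) as the Executive Agent to implement the order and oversee agency actions to ensure compliance with it. The Archivist of the United States delegated the Executive Agent responsibilities to the Information Security Oversight Office (ISOO).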

The CUI program establishes uniform policies and procedures for safeguarding and disseminating information that is deemed sensitive but unclassified, including information related to national security, law enforcement, privacy, and other areas of government operations. This information can also include trade secrets, financial data, and personally identifiable information provided to the government by private sector entities. The CUI program also provides guidance on how to handle CUI throughout its lifecycle, including how to designate, mark, safeguard, disseminate, decontrol, and dispose of CUI. This includes establishing consistent practices for controlling access, providing training and oversight, and reporting incidents involving unauthorized disclosure or loss of CUI.

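Entities that handle CUI must comply with the policies and procedures established by the CUI program. This includes implementing specific security controls and training programs to ensure that employees and contractors understand the importance of protecting CUI. Entities must also report any suspected or actual incidents of unauthorized disclosure or loss of CUI to the appropriate authorities. The CUI program is designed to balance the need to share information among government agencies and with private sector partners, while also safeguarding against potential security risks.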

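Controlled Unclassified Information plays a vital role in protecting national security, privacy, and other important interests, while also facilitating collaboration and information sharing among government agencies and private sector partners. The management of CUI is governed by a set of policies and procedures designed to balance the need to share information with the need to safeguard against potential security risks. These policies and procedures are in place to ensure that CUI is protected from unauthorized disclosure or misuse.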

The importance of CUI is reflected in its scope, which encompasses a wide range of information types, including sensitive but unclassified information related to national security, law enforcement, privacy, and other areas of government operations. This information can also include trade secrets, financial data, and personally identifiable information provided to the government by private sector entities. Handling this information requires specific security controls and training programs to ensure that employees and contractors understand the importance of protecting it.

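In addition to protecting sensitive but unclassified information, the CUI program also facilitates collaboration and information sharing among government agencies and private sector partners. This is important for ensuring effective communication and coordination among different entities that may be working on similar issues. The CUI program also provides guidance on how to handle CUI throughout its lifecycle, including how to designate, mark, safeguard, disseminate, decontrol, and dispose of CUI. This helps ensure that CUI is managed consistently across government agencies and with private sector partners. Overall, the CUI program is an essential component of the U.S. Government's efforts to balance information sharing with safeguarding against potential security risks.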

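Controlled Unclassified Information (CUI) is very important to Old Dominion University (ODU) because the University is responsible for safeguarding and properly disseminating CUI that it receives or creates in the course of all its operations. The University may obtain CUI from a variety of sources, such as research collaborations with government agencies, contracting with government entities, or even by handling student data. It is essential for the University to maintain compliance with applicable laws, regulations, and government-wide policies for safeguarding and disseminating CUI. Failure to do so may result in legal and financial consequences, as well as reputational damage for the University.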

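ODU has implemented policies and procedures to ensure that CUI is properly handled and protected. The University's research security office supports researchers in complying with the CUI program and provides training and guidance on best practices for handling and protecting CUI. Additionally, the University's information technology office ensures the security of systems and networks to protect CUI from unauthorized access or disclosure. As ODU continues to engage in research collaborations with government agencies and to handle sensitive data, the University must remain vigilant in its handling of CUI to ensure that this information is protected and that it continues to earn the trust of its stakeholders.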

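Furthermore, ODU’s compliance with the CUI program supports the University’s commitment to data security and privacy. By properly handling CUI, the University upholds its commitment to protecting sensitive information and maintaining the confidentiality and integrity of data. This not only benefits the University and its stakeholders, but also the larger community. Proper handling of CUI helps prevent unauthorized access, misuse, or disclosure of sensitive information, which can have serious consequences for individuals and organizations. As such, ODU's compliance with the CUI program is an important component of the University's overall data security and privacy efforts, and ensures that it does its part to promote the responsible and ethical handling of sensitive information.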

 

Research Security - CUI Decision Tree

Frequently Asked Questions

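CUI is information created or owned by the government that requires safeguarding or dissemination controls pursuant to applicable laws, regulations and government-wide policies. CUI is not classified information. It is not corporate intellectual property unless it was created for, or included in requirements related to, a government contract.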

CUI includes certain types of information such as financial, legal, privacy, and procurement, and replaces old markings such as FOUO (For Official Use Only), SBU (Sensitive But Unclassified), PII (Personally Identifiable Information), Private, Confidential, etc. Classified information is separate from the CUI Program.

Yes, Personally Identifiable Information (PII) falls under one of the CUI Privacy categories and will be marked and protected as CUI. The Privacy Act and other applicable privacy policies still apply.

Federal agencies routinely generate, use, store, and share information that, while not meeting the threshold for classification as national security or atomic energy information, requires some level of protection from unauthorized access and release.  

Historically, each agency developed its own practices for sensitive unclassified information, resulting in a patchwork of systems across the Executive branch, in which similar information might be defined or labeled differently, or where dissimilar information might share a definition and/or label. CUI was established to standardize the way the Executive branch handles sensitive information that requires dissemination controls.

Yes, but do not put CUI in the body of the email; it must be in an encrypted attachment. When sending a CUI email, the banner marking must appear at the top portion of the email, like a heading. You can add “Contains CUI” at the end of the subject line to alert your recipients. When forwarding or responding to email containing CUI, copy the banner markings and paste them at the top of your new email.

Report disclosures of CUI as soon as you realize they have occurred by emailing ODUFSO@promisesurfing.net.

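Federal sponsors may determine that a project not subject to the EAR or ITAR is sensitive and requires additional protection. This could be work that is in fields other than “applied sciences” (linguistics, social sciences, anthropology), requires surveys and research at sensitive locations (such as military installations or government facilities), and/or involves cyber security or emerging technology.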

Definitely everyone, but mainly the project PI, is responsible for CUI compliance throughout the project from start to finish. CUI agreements can take the shape of a contract, grant, license, memorandum of agreement, or information-sharing agreement.

Understand the data categories on your contract, what data/widget/device you or your team may create during the performance of a contract, the requirements to protect that data/widget/device, and the costs associated with that protection before you sign the contract.