Controlled Unclassified Information (CUI)

Home > Controlled Unclassified Information (CUI) > CUI Category: Information Systems Vulnerability Information

CUI Category: Information Systems Vulnerability Information

Banner Marking: CUI

Category Description:

Related to information that if not protected, could result in adverse effects to information systems. Information system means a discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.
Category Marking: ISVI
Alternative Banner Marking for Basic Authorities: CUI//ISVI
Banner Format and Marking Notes:
Snippet

Banner Format:

CUI//Category Marking//Limited Dissemination Control

 

Marking Notes:

  • The CUI Control Marking may consist of either the word “CONTROLLED” or the acronym “CUI”, depending on agency policy.
  • Category marking is optional when marking Basic CUI unless required by agency policy. Example: CUI//Limited Dissemination Control.
  • Category Marking preceded by "SP-" is required when marking Specified CUI. Example: CUI//SP-Category Marking//Limited Dissemination Control
  • Whether CUI is Basic or Specified is determined by the applicable Safeguarding and/or Dissemination Authority for a given instance of CUI.
  • Separate multiple Category Markings by a single forward slash (/) and list Category Markings alphabetically. Example: CUI//Category Marking A/Category Marking B//Limited Dissemination Control
  • Category Markings for Specified CUI precede Category Markings for Basic CUI. Example: CUI//SP-Category Marking/Category Marking//Limited Dissemination Control
  • Separate multiple Limited Dissemination Controls by a single forward slash (/). Example: CUI//Category Marking//Limited Dissemination Control/Limited Dissemination Control
  • Reference 32 CFR 2002.20, CUI Marking Handbook, Limited Dissemination Controls and individual agency policy for additional and specific marking guidelines

 

 

Snippet

Notes for Safeguarding, Dissemination and Sanction Authorities:

  • Whether CUI is Basic or Specified is determined by the applicable Safeguarding and/or Dissemination Authority for that CUI.
  • Each "Safeguarding and/or Dissemination Authority" citation links to the statute, regulation or government-wide policy authorizing the control of that information as CUI.
  • Each "Sanctions" authority links to the statute, regulation or government-wide policy that includes penalties for CUI misuse of CUI for the associated "Safeguarding and/or Dissemination Authority" on the same line.
Safeguarding and/or Dissemination Authority Basic or
Specified		 Banner Marking Sanctions
44 USC 3554 (see OMB M-21-02for implementing guidance) Basic CUI  
44 USC 3555(f) Basic CUI  

 

Snippet

Authority links are updated based on regular re-publication of the United States Code and Code of Federal Regulations, and the CUI Registry maintenance schedule.

 

Top