Controlled Unclassified Information (CUI)

CUI Category: Information Systems Vulnerability Information - Homeland

Category Description:

a. DHS information technology internal systems data revealing infrastructure used for servers, desktops, and networks; applications name, version and release; switching, router, and gateway information; interconnections and access methods; mission or business use/need.  Examples of information are systems inventories and enterprise architecture models.  Information pertaining to national security systems and eligible for classification under Executive Order 13526, will be classified as appropriate.

b. Information regarding developing or current technology, the release of which could hinder the objectives of DHS, compromise a technological advantage or countermeasure, cause a denial of service, or provide an adversary with sufficient information to close, counterfeit, or circumvent a process or system. 

Category Marking: CUI
Marking, Protection, and Dissemination​: This information must be (1) Marked as CUI using the CUI Control Marking (i.e., CUI) in accordance with marking guidance found on the CUI Registry; (2) Protected in accordance with 32 CFR Part 2002, “Controlled Unclassified Information”; and (3) Disseminated in accordance with any limited dissemination control markings applied to the information.  The CUI Registry lists all limited dissemination control markings that can be applied to CUI. 

Notes for Safeguarding, Dissemination and Sanction Authorities:

  • Whether CUI is Basic or Specified is determined by the applicable Safeguarding and/or Dissemination Authority for that CUI.
  • Each "Safeguarding and/or Dissemination Authority" citation links to the statute, regulation or government-wide policy authorizing the control of that information as CUI.
  • Each "Sanctions" authority links to the statute, regulation or government-wide policy that includes penalties for CUI misuse of CUI for the associated "Safeguarding and/or Dissemination Authority" on the same line.
Safeguarding and/or Dissemination Authority Basic or
Provisional Approval 2018-09-07 Basic  



Authority links are updated based on regular re-publication of the United States Code and Code of Federal Regulations, and the CUI Registry maintenance schedule.