Controlled Unclassified Information (CUI)

Home > Controlled Unclassified Information (CUI) > CUI Category: Privacy Information

CUI Category: Privacy Information

Banner Marking: CUI

Category Description:

Information referred to as Personally Identifiable Information (PII).  PII embodies information that can be used to distinguish or trace an individual's identity, either alone or when combined with other information that is linked or linkable to a specific individual. 
Banner Format and Marking Notes:
Snippet

Banner Format:

CUI//Category Marking//Limited Dissemination Control

 

Marking Notes:

  • The CUI Control Marking may consist of either the word “CONTROLLED” or the acronym “CUI”, depending on agency policy.
  • Category marking is optional when marking Basic CUI unless required by agency policy. Example: CUI//Limited Dissemination Control.
  • Category Marking preceded by "SP-" is required when marking Specified CUI. Example: CUI//SP-Category Marking//Limited Dissemination Control
  • Whether CUI is Basic or Specified is determined by the applicable Safeguarding and/or Dissemination Authority for a given instance of CUI.
  • Separate multiple Category Markings by a single forward slash (/) and list Category Markings alphabetically. Example: CUI//Category Marking A/Category Marking B//Limited Dissemination Control
  • Category Markings for Specified CUI precede Category Markings for Basic CUI. Example: CUI//SP-Category Marking/Category Marking//Limited Dissemination Control
  • Separate multiple Limited Dissemination Controls by a single forward slash (/). Example: CUI//Category Marking//Limited Dissemination Control/Limited Dissemination Control
  • Reference 32 CFR 2002.20, CUI Marking Handbook, Limited Dissemination Controls and individual agency policy for additional and specific marking guidelines

 
Marking, Protection, and Dissemination​:

This information must be (1) Marked as CUI using the CUI Control Marking (i.e., CUI) in accordance with marking guidance found on the CUI Registry; (2) Protected in accordance with 32 CFR Part 2002, “Controlled Unclassified Information”; and (3) Disseminated in accordance with any limited dissemination control markings applied to the information.  The CUI Registry lists all limited dissemination control markings that can be applied to CUI.

When there is overlap with existing CUI Categories, and if applicable, the requirements from existing categories must be followed.

 

Snippet

Notes for Safeguarding, Dissemination and Sanction Authorities:

  • Whether CUI is Basic or Specified is determined by the applicable Safeguarding and/or Dissemination Authority for that CUI.
  • Each "Safeguarding and/or Dissemination Authority" citation links to the statute, regulation or government-wide policy authorizing the control of that information as CUI.
  • Each "Sanctions" authority links to the statute, regulation or government-wide policy that includes penalties for CUI misuse of CUI for the associated "Safeguarding and/or Dissemination Authority" on the same line.
Safeguarding and/or Dissemination Authority Basic or
Specified		 Banner Marking Sanctions
Provisional Approval 2018-09-07 Basic CUI  

 

Snippet

Authority links are updated based on regular re-publication of the United States Code and Code of Federal Regulations, and the CUI Registry maintenance schedule.

 

Top