CUI Policy and Guidance
Policy and Guidance
The Controlled Unclassified Information Executive Agent (CUI EA) issues guidance to Executive branch departments and agencies that handle unclassified information that requires safeguarding or dissemination controls, pursuant to and consistent with applicable law, regulations, and government-wide policies. Guidance issued by the CUI EA is not binding on the public, unless authorized by law or when incorporated into contracts or agreements.
|11/04/2010||Executive Order 13556 "Controlled Unclassified Information"|
|09/14/2016||32 CFR Part 2002 "Controlled Unclassified Information"|
OMB Circular No. A-11 provides guidance on preparing the Budget and instructions on budget execution. Section 31.15 requires that agency budget estimates should reflect consideration of Executive Order 13556, Controlled Unclassified Information (CUI), and the policies issued by the National Archives and Records Administration (NARA), 32 CFR part 2002, "Controlled Unclassified Information," with an effective date of November 14, 2016, and CUI Notice 2016-01, "Implementation Guidance for the Controlled Unclassified Information Program," September 14, 2016.
The following National Institute of Standards and Technology (NIST) publications have been incorporated by reference into the CUI Implementing Directive, 32 CFR Part 2002, and should be consulted for guidance on implementing specific measures to safeguard CUI:
- Federal Information Processing Standards Publication 199, Standards for Security Categorization of Federal Information and Information Systems
- Federal Information Processing Standards Publication 200, Minimum Security Requirements for Federal Information and Information Systems
- NIST Special Publication 800-53, Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations
- NIST Special Publication 800-88, Revision 1, Guidelines for Media Sanitization
- NIST Special Publication 800-171, Revision 1, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
- NIST Special Publication 800-171A, Assessing Security Requirements for Controlled Unclassified Information
The CUI EA established the CUI Advisory Council to carry out consultative functions directed by Executive Order 13556.
The CUI EA has developed recommendations to assist departments and agencies in development of their CUI programs and submission of information to the EA.