What is the Federal CUI governance structure? The National Archives and Records Administration (NARA) serves as the Controlled Unclassified Information (CUI) Executive Agent (EA). NARA has the authority and responsibility to manage the CUI Program across the Federal government.
Who is responsible for protecting CUI quizlet?
[Title 32 CFR, Part 2002] The National Archives and Records Administration (NARA), which implements the executive branch-wide CUI Program and oversees federal agency actions to comply with Executive Order 13556.
Who protects CUI?
As of the writing of this page, the Department of Defense (DoD) has been the first agency to adopt controls regarding the safeguarding of CUI, which they have enacted through specific regulations that specify how certain federal and nonfederal organizations must control CUI in their environment.
Who is responsible for CUI?
The authorized holder (an individual, agency, organization, or group of users that is permitted to designate or handle CUI, in accordance with 32 CFR Part 2002) of a document or material is responsible for determining, at the time of creation, whether the information falls into a CUI category.
How can we protect CUI?
- Level 1 suggests performing basic cyber hygiene practices like installing anti-virus software and regularly changing passwords to safeguard Federal Contract Information (FCI).
- Level 2 describes an “intermediate level of cyber hygiene” that begins implementing NIST SP 800-171 requirements to secure CUI.
Who can destroy CUI?
Therefore, all CUI paper MUST be destroyed using a high security shredder that produces a final particle size of 1mmx5mm or less, such as those listed on the NSA/CSS 02-01 EPL for classified paper destruction. All of SEM’s high security shredders meet this mandate.
What level of system and network is required for CUI?
The Federal Information Systems Modernization Act (FISMA) requires that CUI Basic be protected at the FISMA Moderate level and can be marked as either CUI or Controlled.
Is CUI replacing Fouo?
Why is CUI important? … CUI policy provides a uniform marking system across the Federal Government that replaces a variety of agency-specific markings, such as FOUO, LES, SBU, etc.
Is encrypted CUI still CUI?
Answer: Yes. CUI must be encrypted in transit.
What is CUI specific?
CUI Specified is the subset of CUI in which the authorizing law, regulation, or Government-wide policy contains specific handling controls that it requires or permits agencies to use that differ from those for CUI Basic. … Decontrol may occur automatically or through agency action.
Is Noforn a CUI?
Because NF is in the portion marking, NOFORN will be placed in the banner line. LDCs are CUI executive agent-approved controls agencies may use to limit or specify CUI dissemination. … LDCs or distribution statements cannot unnecessarily restrict CUI access.
What are examples of CUI?
Examples of CUI would include any personally identifiable information such as legal material or health documents, technical drawings and blueprints, intellectual property, as well as many other types of data. The purpose of the rule is to make sure that all organizations are handling the information in a uniform way.