ROBINS AIR FORCE BASE, Ga. -- The Defense Department’s new Controlled Unclassified Information program stood up in July 2020 with the release of DoD Instruction 5200.48, Controlled Unclassified Information (CUI). The program ensures standardized identification, safeguarding, transmission, storage, dissemination, destruction and records management for CUI used across all government agencies.
CUI is government information which requires protection under a law, regulation or government-wide policy. Government information cannot be marked as CUI to conceal violations of law, inefficiency or administrative error, to prevent embarrassment to a person, organization or agency, or to prevent open competition.
Unlike access to classified national security information, there is no “need-to-know” requirement for CUI. Access to CUI is based on an authorized, lawful government purpose.
Formerly, unclassified markings such as “For Official Use Only (FOUO),” were used by different government agencies as dissemination controls for information requiring additional safeguarding or exemptions from disclosure under the Freedom of Information Act. With the publication of DoDI 5200.48, FOUO was cancelled and can no longer be used.
Austin Tosi, Air Force Reserve Command INFOSEC and CUI Program Manager, said the new CUI program also establishes a new ancillary training requirement for Reserve Citizen Airmen, civilian employees and contractors.
“The training was recently released by the DoD. It requires all military, civilian employees and contractor personnel complete initial and annual CUI training. A link to this training can be found in ARCNet as ’DoD Mandatory Controlled Unclassified Information Training,’” said Tosi.
Tosi said all personnel are encouraged to complete this training prior to attempting to mark information as CUI.
“Implementing this program is not as simple as replacing the FOUO marking in a memorandum, plan or PowerPoint presentation with the new CUI marking. There is a process which includes validating the information being marked genuinely requires CUI safeguarding,” said Tosi.
For more information on the CUI program, contact your organization’s security manager/ assistant or your host installation’s Information Protection Office.