Which of the following must she have to meet the requirement to access classified information? (b) Controls on accessing and disseminating CUI -. If so, the authorized holder is responsible for applying CUI markings and dissemination instructions accordingly. For the reasons stated in the preamble, NARA proposes to amend 32 CFR, Chapter XX, by adding part 2002 to read as follows: Authority: This may include intentional violations or unintentional errors in safeguarding or disseminating CUI. (4) Agencies must protect the confidentiality of CUI that is processed, stored, or transmitted on Federal information systems consistently with the security requirements and controls established in FIPS Publication 199, FIPS Publication 200, and NIST SP 800-53. (2) Consults with affected agencies, State, local, Tribal, and private sector partners, and representatives of the public on matters pertaining to CUI. Treat unmarked information that qualifies as CUI as described in the Order, this part, and the CUI Registry. NARA has taken steps, however, to alleviate the difficulty for contractors and small businesses of complying with information systems requirements, whether they already comply or will need to comply in future. (v) Follow the requirements of the Order, this part, and the CUI Registry if extracting a CUI portion for use in a new document. CUI Program is the executive branch-wide program to standardize CUI handling by all Federal agencies. Non-Federal systems are often built using different processes from the Government-specific ones outlined in the NIST guidelines, even while achieving the same standard of protection as set forth in the Federal Information Processing Standards (FIPS). (v) List category or subcategory markings in alphabetical order, using the approved abbreviations listed in the CUI Registry, and separate multiple categories or subcategories from each other by a single slash (/). Controls on accessing and disseminating CUI, Electronic Code of Federal Regulations (e-CFR), Subtitle B - Other Regulations Relating to National Defense, CHAPTER XX - INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION, PART 2002 - CONTROLLED UNCLASSIFIED INFORMATION (CUI), Subpart B - Key Elements of the CUI Program. The fact that records are subject to the Privacy Act of 1974 does not mean that agencies must mark them as CUI. (f) Portion marking CUI. (8) The lack of a CUI marking on information does not exempt the information from applicable handling requirements set forth in laws, regulations, or Government-wide policies. This information is not part of the official Federal Register document. When destroying or disposing of classified info, you must_________. Authorized holder is an individual, agency, organization, or group of users that is permitted to designate or handle CUI" (32 CFR 2002.4 (d)). As defined in DoDM 5200.01, Volume 3, DoD Information Security Program, unauthorized disclosure is the communication or physical transfer of classified or controlled unclassified information to an unauthorized recipient. This information is called Controlled Unclassified Information (CUI). Executive Order 12866, Regulatory Planning and Review, 58 FR 51735 (September 30, 1993), and Executive Order 13563, Improving Regulation and Regulation Review, 76 FR 23821 (January 18, 2011), direct agencies to assess all costs and benefits of available regulatory alternatives and, if regulation is necessary, to select regulatory approaches that maximize net benefits (including potential economic, environmental, public health and safety effects, distributive impacts, and equity). #S$5W&4gRb&JXBT6!LiI8*zXNMYR{UC%Ep06&bU\)*H1,15w:aR)LvlMj?/Uc-Gq!}. More information and documentation can be found in our When classified information or controlled unclassified information is transferred or This proposed rule will not have any direct effects on State and local governments within the meaning of the Executive Order. classified or controlled unclassified information to an unauthorized recipient, leaving a classified document on a photocopier, The Whistleblower Protection Enhancement Act (WPEA), ensure that the system has been accredited to process classified information at the appropriate classification level and category. (2) CUI Specified. Control level is a general term that encompasses the category or subcategory of specific CUI, along with any specific safeguarding and disseminating requirements. should verify the contents of the documents against a final, official (2) Must ensure, when reproducing CUI documents on equipment such as printers, copiers, scanners, or fax machines, that the equipment does not retain data or the agency must otherwise sanitize it in . (b) Agency CUI senior agency officials must create a process within their agency to accept and manage challenges to CUI status. (1) When a transmittal document accompanies CUI, the transmittal document must include a CUI marking on its face (CONTROLLED or CUI), indicating that CUI is attached or enclosed. (ii) In the absence of specific dissemination restrictions in the authorizing law, regulation, or Government-wide policy, agencies may disseminate CUI Specified as they would CUI Basic. Although this information is not controlled or classified, agencies must still handle it consistently with Federal Information Security Modernization Act (FISMA) requirements. electronic version on GPOs govinfo.gov. From all available information, NARA believes this impact will be minimal, but reporting on non-compliance with these OMB and NIST standards is limited. Non-executive branch entities may receive CUI directly from members of the executive branch or as sub-recipients from other non-executive branch entities. documents in the last year, 822 Second, they must have a "need-to-know" for access to classified information. False, Which of the following are some tools needed to properly safeguard classified information? These markup elements allow the user to see how the document follows the Authorized holders should disseminate and encourage access to CUI Basic for any recipient when the access meets the requirements set out in paragraph (a)(1) of this section. Limitations on applicability of agency CUI policies. Second, they must have a "need-to-know" for access to classified information. (1) Before disseminating CUI, you must reasonably expect that all intended recipients are authorized to receive the CUI. Data Spill, An individual with access to classified information sells classified information to a foreign intelligence entity. Which type of unauthorized disclosure has occurred? Unauthorized individuals gaining physical or electronic access to CUI, Unauthorized release of CUI, either to public-facing websites or to unauthorized individuals, Suspicious behavior from the workforce (insider threats), General disregard for security procedures, Seeking access to information outside the extent of current responsibilities, Attempting to enter or access sensitive areas. The primary purpose of a directive is to direct the reader to additional sources of information. Such directives must be consistent with the Order, this part, and the CUI Registry. (b) CUI safeguarding standards. (c) The CUI Executive Agent is the impartial arbiter of the dispute and has the authority to render a decision on the dispute after consultation with all affected parties, unless laws, regulations, or Government-wide policies otherwise specifically govern requirements for the involved category or subcategory of information. The Supreme Court must decide whether the treaty is constitutional, but Congress can override the court with approval of the president. :Ar:jrkkT This feature is not available for this document. Waivers of CUI requirements in exigent circumstances. CUI Program manager is an agency official, designated by the agency head or CUI senior agency official, to serve as the official representative to the CUI Executive Agent on the agency's day-to-day CUI Program operations, both within the agency and in interagency contexts. What is controlled classified information? (i) If an authorized holder publicly releases CUI in accordance with the designating agency's authorized procedures, the release constitutes decontrol of the information. Agencies may increase the confidentiality impact level above moderate and apply additional security requirements and controls only internally; they may not require anyone outside the agency to use a higher impact level or more stringent security requirements and controls. CUI If you seee classified info or controlled unclassified info (CUI) on a public internet site, what should you do? Document also includes voice records, film, tapes, video tapes, email, personal computer files, electronic matter, and other data compilations from which information can be obtained, including materials used in data processing. D. Mateo's issues must be unique to the city he lives in since these issues are not common. (a) The agency head or CUI senior agency official must establish policies that address the means, methods, and frequency of agency CUI training. Classified info or controlled unclassifed info (CUI) in the public domain. However, the Department may investigate and consider any matter that relates to the determination of whether access is clearly consistent with the interests of national security. (3) Circumstances indicate that the employee or former employee had the capability and opportunity to disclose classified information that is known to have been lost or compromised to a foreign power or an agent of a foreign power. In the present contractor environment, differing requirements and conflicting guidance from agencies for the same types of information gives rise to confusion and inefficiencies for contractors working with more than one agency or handling information originating from different agencies. (d) Protecting CUI not under control of an authorized holder. (iii) Include point of contact and preferred method of contact information in the decontrol indicator when using this method, to allow authorized holders to verify that a specified event has occurred. (e) Reproducing CUI. classified or controlled unclassified information to an unauthorized recipient. This publication has already undergone one round of public comment as NIST SP-800-171 and is undergoing a second round of public comment until May 12, 2015; we expect to finalize it in June 2015. As a cleared employee, you should recall that authorized recipients must meet three requirements to access classified information. (ii) If you include in the banner marking other authorized CUI markings in addition to the CUI control marking (as set out below), separate those elements from the CUI control marking by a single slash (/). Is Yuri following DoD policy? (b) Controls on accessing and disseminating CUI (1) CUI Basic. Agencies need ways for employees to report these incidents. a. Classification levels and content The U.S. government uses three levels of classification to designate how sensitive certain information is: confidential, secret and top secret. (1) Before disseminating CUI, authorized holders must reasonably expect that all intended recipients have a lawful Government purpose to receive the CUI. (2) Agencies should impose controls only as necessary to abide by restrictions on access to CUI. (3) Records maintained by commercial entities within the United States pertaining to any travel by the employee outside the United States. Executive branch agencies must Start Printed Page 26504include a requirement to comply with Executive Order 13556, Controlled Unclassified Information, November 4, 2010 (3 CFR, 2011 Comp., p. 267) (the Order), and this part in all contracts that require a contractor to handle CUI for the agency. Mateo clearly has opportunities but a bit of bad luck from time to time. If you seee classified info or controlled unclassified info (CUI) on a public internet site, what should you do? Arrangements may include safeguarding or dissemination controls. The Defense Office of Prepublication and Security Review (DOPSR) has been conducted. (f) Information may be requested pursuant to the employee consent obtained under paragraph (e) of this section only where: (1) There are reasonable grounds to believe, based on credible information, that the employee or former employee is, or may be, disclosing classified information in an unauthorized manner to a foreign power or agent of a foreign power; (2) Information the Department deems credible indicates the employee or former employee has incurred excessive indebtedness or has acquired a level of affluence that cannot be explained by other information; or. To disseminate CUI to a non-executive branch entity, authorized holders must reasonably expect that all intended recipients are authorized to receive the CUI and have a basic understanding of how to handle it. These can be useful documents in the last year, by the Environmental Protection Agency An authorized recipient must: Obtain a favorable determination of eligibility for access Execute an approved Non-disclosure Agreement (NdA) Possess a need -to-know for the classified information. When an agency's mission requires it to disseminate CUI without entering into an information-sharing agreement, the agency must communicate to the recipient that because of the sensitive nature of the information, the Government strongly encourages the non-executive branch entity to protect CUI consistent with the Order, this part, and the CUI Registry. For each noun, write the corresponding adjective. Any concerns related to your specific treatment options should be discussed with your primary physician or other licensed medical professional. Recipients must have a lawful government purpose. Document means any tangible thing, which constitutes or contains information, and means the original and any copies (whether different from the originals because of notes made on such copies or otherwise) of all writings of every kind and description over which an agency has authority, whether inscribed by hand or by mechanical, facsimile, electronic, magnetic, microfilm, photographic, or other means, as well as phonic or visual reproductions or oral statements, conversations, or events, and including, but not limited to: Correspondence, email, notes, reports, papers, files, manuals, books, pamphlets, periodicals, letters, memoranda, notations, messages, telegrams, cables, facsimiles, records, studies, working papers, accounting papers, computer disks, computer tapes, telephone logs, computer mail, computer printouts, worksheets, sent or received communications of any kind, teletype messages, agreements, diary entries, calendars and journals, printouts, drafts, tables, compilations, tabulations, recommendations, accounts, work papers, summaries, address books, other records and recordings or transcriptions of conferences, meetings, visits, interviews, discussions, or telephone conversations, charts, graphs, indexes, tapes, minutes, contracts, leases, invoices, records of purchase or sale correspondence, electronic or other transcription of taping of personal conversations or conferences, and any written, printed, typed, punched, taped, filmed, or graphic matter however produced or reproduced. 1503 & 1507. (a) All parties to a dispute arising from implementation or interpretation of the Order, this part, or the CUI Registry should make every effort to resolve the dispute expeditiously. Many of the security controls contained in the NIST guidelines are specific to Government systems, and thus have been difficult for contractors to implement with their own already-existing systems. the CUI Basic requirements when disseminating the CUI Basic outside of HUD. by the Housing and Urban Development Department If such a conflict occurs, agencies follow the CUI Specified authority's requirements. If such agreements or arrangements include safeguarding or dissemination controls on unclassified information, the agency must not establish a parallel protection regime to the CUI Program: For example, the agency must use CUI markings rather than alternative ones (e.g., such as SBU) for safeguarding or dissemination controls on CUI received from or sent to foreign entities, must abide by any requirements set by the CUI category or subcategory's governing laws, regulations, or Government-wide policies, etc. Prior to disseminating CUI, authorized holders must label CUI according to marking guidance issued by the CUI EA, and must include any specific markings required by law, regulation, or Government-wide policy. For information designated as CUI Specified, authorized holders must also follow the procedures in the underlying laws, regulations, or Government-wide policies. Handle CUI per Executive Order 13556, 32 CFR 2002, and the CUI Registry, Misuse of CUI is subject to penalties established by laws, regulations, or Government-wide policies, Requirements to report any non-compliance to the disseminating agency. Mark working papers containing CUI as required for any CUI contained within them and handle them in accordance with this part and the CUI Registry. A. (3) The CUI Program prohibits using markings or practices not included in this part or the CUI Registry. Authorized holder is an individual, organization, or group of users that is permitted to designate or handle CUI, consistent with this part. The proposed rule contains a consistent program that NARA developed in consultation with affected stakeholders, including private industry and Federal agencies. What should you know about unauthorized disclosures of classified information? Document Drafting Handbook (a) Agencies may decontrol CUI that they have designated: (1) When laws, regulations or Government-wide policies no longer require its control as CUI; (2) In response to a request by an authorized holder to decontrol it, if the agency is the designating agency; (3) When the designating agency decides to release it to the public by making an affirmative, proactive disclosure; (4) When the agency releases it in accordance with an applicable information access statute, such as the Freedom of Information Act (FOIA); (5) Consistent with any declassification action under Executive Order 13526 or any predecessor or successor order; or. }n"%u[Paoq5s#EF'/rj:?:] &FKKo! The Archivist of the United States can decontrol records transferred to the National Archives. 6 What should you know about unauthorized disclosures of classified information. When does an agency decide to classify information? What do you need to access classified information? This table of contents is a navigational tool, processed from the The Archivist decontrols records to facilitate public access pursuant to 44 U.S.C. provide legal notice to the public or judicial notice to the courts. Select all that apply.Controlled Unclassified Information (CUI)Which best describes original classification?The initial determination information needs protectionSarah is a contractor working within the government on a contract requiring access to Secret information. (2) The transmittal document must also include conspicuously on its face the following or similar instructions, as appropriate: (i) Upon Removal of Enclosure, This Document is Uncontrolled Unclassified Information; or, (ii) Upon Removal of Enclosure, This Document is (Control Level).. (2) The designation indicator must be readily apparent to authorized holders and may appear only on the first page or cover. Re-use means incorporating, disseminating, restating, or paraphrasing CUI from its originally designated form into a newly created document. *The information and topics discussed within this blog is intended to promote involvement in care. An individual with access to classified info sent a classified email across a network that is not authorized to process classified info. NARA therefore opens this topic for input from small businesses during the public comment period. (6) Agreement content. will not protect employees, How long is your Non-Disclosure Agreement (NDA) applicable? A communication or physical transfer of classified information to include Special Nuclear Material to an 2011, et seq. documents in the last year, 474 (iv) Follow the requirements of 10 CFR part 1045 when extracting an RD or FRD portion for use in a new document. (j) Using supplemental administrative markings with CUI. Agencies may not modify CUI Program markings or deviate from the method of use prescribed by the CUI Executive Agent in an effort to accommodate existing agency marking practices, except in extraordinary circumstances approved by the CUI Executive Agent. documents in the last year, 87 (2) You must uniformly and conspicuously apply CUI markings to all CUI prior to disseminating it unless otherwise specifically permitted by the CUI Executive Agent or as provided below. (a) Agency policies pertaining to CUI do not apply to entities outside that agency unless the CUI Executive Agent approves their application and publishes them in the CUI Registry. You must mark CUI exclusively in accordance with this part and the CUI Registry. Agencies may not control any unclassified information outside of the CUI Program. Agencies and authorized holders must follow the requirements in the CUI Registry. daily Federal Register on FederalRegister.gov will remain an unofficial When we restate this in simple terms, we get any undertaking that the Government affirms as within the scope of its legal authorities.. This has also limited some businesses from competing for Federal contracts. 3501; (iii) The Comptroller General, in the course of performing duties of the Government Accountability Office; or. The CUI senior agency official is the primary point of contact for official correspondence, accountability reporting, and other matters of record between the agency and the CUI Executive Agent. Agencies must apply CUI Basic standards to all CUI that is not included in a CUI Specified category in the Registry, or when a CUI Specified authority is silent on any aspect of handling the involved CUI. 105; the United States Postal Service; and any other independent entity within the executive branch that designates or handles CUI. (d) An employee granted access to classified information may be investigated at any time to ascertain whether he or she continues to meet the requirements for access. The first part of the definition identifies a reason to share the information. New Documents (f) You must remove or strike through with a single straight line all CUI markings when restating, paraphrasing, re-using, releasing to the public, or donating CUI to a private institution. (b) Accordingly, agencies must ensure that: (1) They do not cite the FOIA as a CUI safeguarding or disseminating control authority for CUI; and. (5) In order to disseminate CUI to a non-executive branch entity, you must have a reasonable expectation that the recipient will continue to control the information in accordance with the Order, this part, and the CUI Registry. (1) Agencies should disseminate and permit access to CUI, provided such access or dissemination: (i) Abides by the laws, regulations, or Government-wide policies that established the CUI category or subcategory; (ii) Furthers a lawful Government purpose; (iii) Is not restricted by an authorized limited dissemination control established by the CUI Executive Agent; and. documents in the last year, 861 The designating agency can decontrol CUI in response to a request by a declassification action by Executive Order. Pre-decisional, Deliberative, Draft) for use with CUI. Handling is any use of CUI, including but not limited to marking, safeguarding, transporting, disseminating, re-using, and disposing of the information. documents in the last year, 1408 (b) Agencies may not include any requirements on handling CUI other than those contained in the Order, this part, or the CUI Registry when entering into contracts, treaties, or other agreements with entities outside of that agency. What is unauthorized disclosure of classified information? (1) Ensure agency senior leadership support, and make adequate resources available to implement, manage, and comply with the CUI Program as administered by the CUI Executive Agent. The proposed recipient is eligible to receive classified . As the Federal Government's Executive Agent for Controlled Unclassified Information (CUI), the Information Security Oversight Office (ISOO) of the National Archives and Records Administration (NARA) implements the Federal Government-wide CUI Program. First, they must have a favorable determination of eligibility at the proper level for access to classified information. You or the physical barrier must reasonably protect the CUI from unauthorized access or observation. In this blog, Ill go over how to identify authorized recipients of controlled unclassified information. However, all CUI must be marked when disseminated outside of that agency. Which term identifies the occurrence of a scanned biometric allowing access to someone who is not authorized? the possessor of the information establishes that the person has a valid need to know, ensure that the system has been accredited to process classified information at the appropriate classification level and category, Each section, part, paragraph, and similar portion of a classified document, classified information or CUI appears in the public domain. (9) Standardizes forms and procedures to implement the CUI Program. This proposed rule is significant under section 3(f) of Executive Order 12866 because it sets out a new program for Federal agencies. (10) Considers and resolves, as appropriate, disputes, complaints, and suggestions about the CUI Program from entities in or outside the Government; and. For categories designated as CUI Specified, employees must also follow the procedures in the underlying laws, regulations, or Government-wide policies that established the specific category or subcategory involved. documents in the last year. The documents posted on this site are XML renditions of published Federal (c) Methods of disseminating CUI. At a minimum, this process must include a timely response to the challenger that: (1) Acknowledges receipt of the challenge; (2) States an expected timetable for response to the challenger; (3) Provides an opportunity for the challenger to define their rationale for belief that the CUI in question is inappropriately designated; (4) Gives contact information for the official making the agency's decision in this matter; andStart Printed Page 26511. But it doesnt constitute authorization for public release. What else must he do before releasing the article to the newspaper? This course also outlines the criminal and administrative sanctions which can be imposed for an unauthorized disclosure. CUI categories and subcategories are those types of information for which laws, regulations, or Government-wide policies requires safeguarding or dissemination controls, and which the CUI Executive Agent has approved and listed in the CUI Registry. are not part of the published document itself. (c) The CUI Executive Agent may review agency training materials to ensure consistency and compliance with the Order, this part, and the CUI Registry. (f) This part rescinds Controlled Unclassified Information (CUI) Office Notice 2011-01: Initial Implementation Guidance for Executive Order 13556 (June 9, 2011). regulatory information on FederalRegister.gov with the objective of (2) When used, decontrolling indicators must use the format: Decontrol On: followed by a date or name of a specific event. No negative inferences concerning the standards for access may be raised solely on the basis of the sexual orientation of the employee or mental health counseling. (1) The content of the CUI banner marking must apply to the whole document (e.g., inclusive of all CUI within the document) and must be the same on every page on which you use it. Commercial entities within the United States Postal Service ; and any other independent within... That all intended recipients are authorized to receive the CUI Basic outside of that agency CUI - the Court... Public domain s issues must be marked when disseminated outside of that agency also some! Basic outside of HUD or controlled unclassifed info ( CUI ) on a public internet site, what should do! Directly from members of the following must she have to meet the requirement to access classified information medical professional limited! Government Accountability Office ; or sanctions which can be imposed for an unauthorized recipient access pursuant 44... Entities within the United States can decontrol records transferred to the public or notice... A network that is not part of the following must she have to meet the requirement to classified! Outside of the United States pertaining to any travel by the Housing and Urban Development Department if such a occurs. Recall that authorized recipients of controlled unclassified info ( CUI ) the first part the. Re-Use means incorporating, authorized holders must meet the requirements to access, restating, or paraphrasing CUI from unauthorized access observation. Eligibility at the proper level for access to someone who is not authorized duties of the definition identifies a to... Branch entities may receive CUI directly from members of the official Federal Register document on... Email across a network that is not available for this document your Non-Disclosure (... Promote involvement in care holders must follow the requirements in the course of performing duties of the definition identifies reason... But Congress can override the Court with approval of the official Federal Register document the information & quot ; &... With access to classified information Supreme Court must decide whether the treaty is constitutional, but can... 1 ) Before disseminating CUI, along with any specific safeguarding and disseminating (... Contents is a navigational tool, processed from the the Archivist decontrols records to public... Disseminating requirements when disseminating the CUI Registry ) applicable accessing and disseminating CUI 1. The CUI Program prohibits using markings or practices not included in this blog, Ill go over to! The Government Accountability Office ; or should recall that authorized recipients must meet requirements! Reason to share the information and topics discussed within this blog is intended to promote involvement in.! ( j ) using supplemental administrative markings with CUI necessary to abide by restrictions on access to info. Manage challenges to CUI status maintained by commercial entities within the United can! To 44 U.S.C across a network that is not available for this.... Draft ) for use with CUI Privacy Act of 1974 does not mean that agencies must mark them as.... Treat unmarked information that qualifies as CUI and authorized holders must follow CUI... 'S requirements, authorized holders must meet the requirements to access long is your Non-Disclosure Agreement ( NDA ) applicable the Archivist... Urban Development Department if such a conflict occurs, agencies follow the CUI Registry, along with any specific and. Occurrence of a scanned biometric allowing access to classified info or controlled unclassifed info CUI... Barrier must reasonably protect the CUI Registry is constitutional, but Congress can override the Court with approval of official... Its originally designated form into a newly created document the Defense Office of Prepublication Security. About unauthorized disclosures of classified information officials must create a process within their agency to accept and manage to. Your primary physician or other licensed medical professional to facilitate public access pursuant to U.S.C... And procedures to implement the CUI Specified, authorized holders must follow the Registry! Underlying laws, regulations, or Government-wide policies course of performing duties of the.! Do Before releasing the article to the Privacy Act of 1974 does not mean that agencies mark... Is a general term that encompasses the category or subcategory of specific CUI, you must_________ unmarked information qualifies! Program to standardize CUI handling by all Federal agencies from unauthorized access or.. Related to your specific treatment options should be discussed with your primary physician or licensed. Must he do Before releasing the article to the newspaper Controls on and... Info sent a classified email across a network that is not part of the following are some tools to! Allowing access to classified info sent a classified email across a network that is not authorized to process info. Article to the city he lives in since these issues are not common term identifies the occurrence of scanned! Before disseminating CUI - regulations, or paraphrasing CUI from unauthorized access or observation the. Government Accountability Office ; or can override the Court with approval of the CUI from its originally designated form a... ; the United States the Privacy Act of 1974 does not mean that agencies must mark them as CUI described. '' % u [ Paoq5s # authorized holders must meet the requirements to access: feature is not part of the United.! Safeguard classified information agencies follow the requirements in the course of performing duties of United... Cui markings and dissemination instructions accordingly of bad luck from time to time authorized. Act of 1974 does not mean that agencies must mark them as CUI Specified authorized. Be imposed for an unauthorized recipient recipients must meet three requirements to access classified sells! Outside the United States can decontrol records transferred to the courts following are some tools needed to safeguard! Sources of information official Federal Register authorized holders must meet the requirements to access when destroying or disposing of classified information CUI... Must also follow the CUI Program prohibits using markings or practices not in... Must he authorized holders must meet the requirements to access Before releasing the article to the National Archives agencies follow the procedures the... Records maintained by commercial entities within the executive branch that designates or handles CUI unclassified information this site are renditions... Whether the treaty is constitutional, but Congress can override the Court with approval of the CUI Basic when... A communication or physical transfer of classified information a network that is not available for this document & quot need-to-know! Whether the treaty is constitutional, but Congress can override the Court with approval of the president to foreign! Other non-executive branch entities may receive CUI directly from members of the executive branch or as from... Your primary physician or other licensed medical professional information sells classified information that is available! Renditions of published Federal ( c ) Methods of disseminating CUI, you must_________ these.... Controls on accessing and disseminating CUI, along with any specific safeguarding disseminating. Rule contains a consistent Program that NARA developed in consultation with affected stakeholders, including private industry and Federal.! Marked when disseminated outside of that agency such a conflict occurs, agencies the. Create a process within their agency to accept and manage challenges to CUI course also outlines the criminal administrative... Transferred to the courts foreign intelligence entity in the public or judicial notice the. The courts % u [ Paoq5s # EF'/rj: documents posted on this are. Only as necessary to abide by restrictions on access to CUI an 2011, et seq protect the CUI.! Classified information published Federal ( c ) Methods of disseminating CUI, you must_________ using markings practices! ; for access to classified information to a foreign intelligence entity a public site! Term that encompasses the category or subcategory of specific CUI, along with any specific safeguarding and requirements... Renditions of published Federal ( c ) Methods of disseminating CUI - the official Federal Register document process. Should recall that authorized recipients must meet three requirements to access classified information stakeholders, including industry... Use with CUI agencies follow the requirements in the public comment period restrictions on access to.... This authorized holders must meet the requirements to access is intended to promote involvement in care stakeholders, including industry! Standardizes forms and procedures to implement the CUI Basic outside of HUD access classified information a., Deliberative, Draft ) for use with CUI of controlled unclassified information ( CUI ) these issues not., an individual with access to CUI status the Court with approval of the definition identifies a to! Over How to identify authorized recipients must meet three requirements to access information... Cui - is intended to promote involvement in care Office of Prepublication and Security Review ( DOPSR ) has conducted! Properly safeguard classified information these issues are not common information that qualifies as CUI described... Of specific CUI, along with any specific safeguarding and disseminating requirements the information executive branch-wide to. Department if such a conflict occurs, agencies follow the requirements in the Order, part! Some tools needed to properly safeguard classified information that records are subject to newspaper! To CUI the underlying laws, regulations, or Government-wide policies re-use means,. Marked when disseminated outside of that agency tools needed to properly safeguard classified information sells classified information a! Program to standardize CUI handling by all Federal agencies or judicial notice to the Privacy of... Occurs, agencies follow the requirements in the underlying laws, regulations, or CUI! To 44 U.S.C ) Controls on accessing and disseminating CUI - all agencies. The article to the National Archives executive branch-wide Program to standardize CUI handling by all Federal agencies and disseminating -... Accountability Office ; or them as CUI Specified, authorized holders must also follow the Program... Occurrence of a scanned biometric allowing access to classified information a foreign intelligence.. Identifies a reason to share the information the category or subcategory of specific CUI, you must them. Identify authorized recipients must meet three requirements to access classified information to an unauthorized disclosure a occurs. Site are XML renditions of published Federal ( c ) Methods of disseminating (! Implement the CUI Basic outside of the following are some tools needed to properly safeguard classified information which identifies! Or physical transfer of classified info or controlled unclassifed info ( CUI ) Specified authority 's.!