a:5:{s:8:"template";s:8969:"<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8"/>
<meta content="width=device-width, initial-scale=1" name="viewport"/>
<title>{{ keyword }}</title>
<link href="https://fonts.googleapis.com/css?family=Noto+Serif%3A400%2C400i%2C700%2C700i&amp;ver=5.3.2" id="wp-editor-font-css" media="all" rel="stylesheet" type="text/css"/>
<link href="//fonts.googleapis.com/css?family=Oswald%3A400%2C300%7COpen+Sans%3A600%2C400&amp;ver=1.0.0" id="online-shop-googleapis-css" media="all" rel="stylesheet" type="text/css"/>
<style rel="stylesheet" type="text/css">@charset "UTF-8";.has-drop-cap:not(:focus):first-letter{float:left;font-size:8.4em;line-height:.68;font-weight:100;margin:.05em .1em 0 0;text-transform:uppercase;font-style:normal}.has-drop-cap:not(:focus):after{content:"";display:table;clear:both;padding-top:14px}.wc-block-product-categories__button:not(:disabled):not([aria-disabled=true]):hover{background-color:#fff;color:#191e23;box-shadow:inset 0 0 0 1px #e2e4e7,inset 0 0 0 2px #fff,0 1px 1px rgba(25,30,35,.2)}.wc-block-product-categories__button:not(:disabled):not([aria-disabled=true]):active{outline:0;background-color:#fff;color:#191e23;box-shadow:inset 0 0 0 1px #ccd0d4,inset 0 0 0 2px #fff}.wc-block-product-search .wc-block-product-search__button:not(:disabled):not([aria-disabled=true]):hover{background-color:#fff;color:#191e23;box-shadow:inset 0 0 0 1px #e2e4e7,inset 0 0 0 2px #fff,0 1px 1px rgba(25,30,35,.2)}.wc-block-product-search .wc-block-product-search__button:not(:disabled):not([aria-disabled=true]):active{outline:0;background-color:#fff;color:#191e23;box-shadow:inset 0 0 0 1px #ccd0d4,inset 0 0 0 2px #fff} .components-button:focus:not(:disabled){background-color:#fff;color:#191e23;box-shadow:inset 0 0 0 1px #6c7781,inset 0 0 0 2px #fff;outline:2px solid transparent}.components-button.is-tertiary:not(:disabled):not([aria-disabled=true]):not(.is-default):hover{color:#005d8c}body.admin-color-sunrise  transparent;outline-offset:-2px}.components-toolbar__control.components-button:not(:disabled):focus{outline:2px solid transparent}@font-face{font-family:'Noto Serif';font-style:italic;font-weight:400;src:local('Noto Serif Italic'),local('NotoSerif-Italic'),url(https://fonts.gstatic.com/s/notoserif/v8/ga6Kaw1J5X9T9RW6j9bNfFImajC-.ttf) format('truetype')}@font-face{font-family:'Noto Serif';font-style:italic;font-weight:700;src:local('Noto Serif Bold Italic'),local('NotoSerif-BoldItalic'),url(https://fonts.gstatic.com/s/notoserif/v8/ga6Vaw1J5X9T9RW6j9bNfFIu0RWuc-VJ.ttf) format('truetype')}@font-face{font-family:'Noto Serif';font-style:normal;font-weight:400;src:local('Noto Serif'),local('NotoSerif'),url(https://fonts.gstatic.com/s/notoserif/v8/ga6Iaw1J5X9T9RW6j9bNfFcWbQ.ttf) format('truetype')}@font-face{font-family:'Noto Serif';font-style:normal;font-weight:700;src:local('Noto Serif Bold'),local('NotoSerif-Bold'),url(https://fonts.gstatic.com/s/notoserif/v8/ga6Law1J5X9T9RW6j9bNdOwzfReedA.ttf) format('truetype')} html{-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0;-ms-word-wrap:break-word;word-wrap:break-word}aside,footer,header,nav{display:block}a{background:0 0}a:active,a:hover{outline:0}body{background:#fff;color:#2d2d2d;font-family:'Open Sans',sans-serif;font-size:14px;line-height:22px}.wrapper{margin:0 auto;width:1200px}a{color:#07afd4;text-decoration:none;transition:all .3s ease-in-out 0s;-webkit-transition:all .3s ease-in-out 0s;-moz-transition:all .3s ease-in-out 0s}p{margin:0 0 16px}h3{font-weight:700;line-height:1;margin:0 0 16px}h3{font-size:18px}ul{margin:0;padding:0}.main-navigation li,.site-title,.widget-title,h3{font-family:Oswald,sans-serif;font-weight:400;line-height:1.1}@media (max-width:1229px){*{box-sizing:border-box;-webkit-box-sizing:border-box;-moz-box-sizing:border-box}.wrapper{width:980px}}@media screen and (max-width:992px){.wrapper{padding:0 5px;width:96%}}.main-navigation ul{list-style:none;margin:0;padding-left:0}.main-navigation li{border-image:none;display:inline-block;float:left;font-size:14px;position:relative}.main-navigation a{display:block;text-decoration:none}.clearfix:after,.clearfix:before{display:table;content:""}.clearfix:after{clear:both}*{box-sizing:border-box;-webkit-box-sizing:border-box;-moz-box-sizing:border-box}.widget{margin:0 0 1.5em}.widget:after{display:table;content:'';clear:both}.site-title{float:none;font-size:28px;margin:0;line-height:1.3}.site-title:hover{color:#2d2d2d}.header-wrapper{padding:20px 0}.responsive-slick-menu{display:none}.navigation-wrapper{padding-top:20px}.header-wrapper #site-navigation{min-height:50px;position:relative;display:block;border-top:1px solid #dedede;border-bottom:1px solid #dedede;-webkit-box-shadow:0 17px 11px -21px rgba(0,0,0,.75);-moz-box-shadow:0 17px 11px -21px rgba(0,0,0,.75);box-shadow:0 17px 11px -21px rgba(0,0,0,.75);background:#fff}.header-wrapper .header-main-menu .menu{position:relative}#menu-primary-menu{margin-left:-15px}.header-wrapper .menu li a{color:#2d2d2d;display:block;font-weight:400;letter-spacing:1px;line-height:normal;padding:20px 15px;position:relative;text-transform:uppercase}.header-wrapper .acmethemes-nav{float:left}.online-shop-enable-special-menu .acmethemes-nav{float:right;width:calc(100% - 255px)}.site-logo{width:22%;float:left;position:relative}.header-main-menu.wrapper{position:relative}@media (max-width:1229px){.site-logo{float:none;text-align:center;width:100%}}@media screen and (max-width:992px){.header-wrapper .header-main-menu .menu{position:absolute}.header-main-menu{height:58px}.header-wrapper .menu li>a{padding:18px 10px}.responsive-slick-menu{display:block}.header-wrapper .header-main-menu .menu{display:none}.header-wrapper .menu>li:not(:first-child){margin-left:0}}.footer-wrapper{background:#272823;color:#fff}.footer-columns{margin-left:-10px;margin-right:-10px}.footer-columns .footer-sidebar{padding-left:20px;padding-right:20px}.footer-copyright{color:#ababab}.footer-copyright{background:#161614;margin-top:-1px}.footer-wrapper .widget-title{color:#fff}#footer-top,.footer-wrapper .footer-copyright{padding:30px 0}.site-info{width:30%;float:right;text-align:right;margin-top:15px}.site-info>span:after{clear:both;display:table;content:''}#footer-top{border-bottom:1px solid #444}.site-footer{margin-top:40px}@media screen and (max-width:992px){.footer-wrapper{padding:30px 0 0}}@media screen and (max-width:767px){.site-info{text-align:center;width:100%;float:none}}@media screen and (max-width:767px){.wrapper{width:96%}}.widget-title{margin:0}.at-title-action-wrapper{font-size:20px;font-weight:500;margin-bottom:15px;padding:30px 0 20px;position:relative;min-height:41px;margin-bottom:40px}.at-title-action-wrapper::before{content:'';display:inline-block;left:0;position:absolute;text-transform:uppercase;width:24%;border-bottom:2px solid #0263ca;bottom:-1px}.acme-col-4{float:left;width:25%}@media screen and (max-width:480px){.acme-col-4{width:100%}}.footer-wrapper .at-title-action-wrapper,.footer-wrapper .at-title-action-wrapper:before{border:none;margin:0}</style>
</head>
<body class="custom-background theme-online-shop">
<div class="hfeed site" id="page">
<header class="site-header" id="masthead">
<div class="header-wrapper clearfix">
<div class="wrapper">
<div class="site-logo">
<div class="site-title-tagline">
<p class="site-title">
{{ keyword }}</p>
</div> </div>
</div>
<div class="clearfix"></div>
<div class="navigation-wrapper">
<nav class="main-navigation online-shop-enable-special-menu clearfix" id="site-navigation">
<div class="header-main-menu wrapper clearfix">
<div class="acmethemes-nav">
<ul class="menu" id="menu-primary-menu"><li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-home menu-item-439" id="menu-item-439"><a href="#">Home</a></li>
<li class="menu-item menu-item-type-post_type menu-item-object-page menu-item-546" id="menu-item-546"><a href="#">ABOUT</a></li>
<li class="menu-item menu-item-type-post_type menu-item-object-page menu-item-547" id="menu-item-547"><a href="#">Contact</a></li>
</ul> </div>
</div>
<div class="responsive-slick-menu clearfix"></div>
</nav>
</div>
</div>
</header>
<div class="content-wrapper clearfix">
<div class="wrapper site-content" id="content">
<div class="clear"></div>
{{ text }}
</div>
</div>
<div class="clearfix"></div>
<footer class="site-footer" id="colophon">
<div class="footer-wrapper">
<div class="top-bottom wrapper">
<div id="footer-top">
<div class="footer-columns clearfix">
<div class="footer-sidebar footer-sidebar acme-col-4">
<aside class="widget widget_text" id="text-3"><div class="at-title-action-wrapper clearfix">
<h3 class="widget-title">Related</h3></div> <div class="textwidget">
{{ links }}
</div>
</aside> </div>
</div>
</div>
<div class="clearfix"></div>
</div>
<div class="footer-copyright">
<div class="wrapper">
<div class="site-info">
<span>
{{ keyword }} 2021</span>
</div>
</div>
<div class="clearfix"></div>
</div>
</div>
</footer>
</div>
</body>
</html>";s:4:"text";s:28653:"Answer: It depends on which CUI category applies to the information in question, there are numerous Privacy categories of CUI. 32 CFR Part 2002 (CUI Implementing Regulation), Controlled Unclassified Information at the National Archives. Please refer to the CUI blog post on NSA Article: “Working from Home? Question: When contractors generate and mark CUI, what designator should be used? Question: When sharing legacy documents via email (e.g. Question: What about those that have in their signature line that their correspondence is FOUO? What, if anything, precipitated them? NPS All-Hands Training. . Answer: Yes, that is the goal. Answer: Questions regarding the pace and plans to implement the CUI Program within the DOD can be directed to: osd.pentagon.ousd-intel-sec.mbx.dod-cui@mail.mil. The FAR is expected to be released for public comment in the summer of 2020. This course is mandatory training for all of DoD and Industry personnel with access to controlled unclassified information (CUI). b. Or is it required to have a marking preceding each paragraph, table, figure containing CUI? True Who is responsible for applying cui markings and dissemination instructions? DFARS 252.204-7012 is a contract requirement for defense contractors that handle or might handle Controlled Unclassified Information (CUI). Bottom line, do i have to id CUI in a class banner. However, as agencies are still in the process of implementing the CUI program, be sure to follow any existing requirements directing the marking or protection of unclassified information. Question: Is there a list of executive agencies CUI covers? Limited Dissemination Control Markings. Answer: Upon request and based on available resources, the CUI Executive Agent is available to provide additional briefings and training to stakeholders. We have asked for it, based on the registry. Banner markings appear next to each applicable authority, indicating how they should be marked. Upon the implementation of the CUI Program within an agency, the use of legacy markings must cease. CUI documents … Select and Use Collaboration Services More Securely”. Training Desktop Aids DoD CUI Registry What's New? Some contracts may require industry to generate CUI, if so, they would be responsible to apply markings. (No CAC Required) This course is mandatory training for all of DoD and Industry personnel with access to controlled unclassified information (CUI). Questions regarding the status and marking requirements should be directed to contracting activities. Question: Are there specific requirements on how to destroy CUI physical documents? The CUI Registry provides guidance on how to mark CUI based on the underlying authorities. The CUI Registry maintains a list of all registered program officials or contact information. Answer: The CUI Registry was not intended to be a resource for the average user of CUI. Answer: CDI (covered defense information) is not a category of CUI but rather an overarching term that could include CUI.  D. DoD military, civilians, and contractors - Correct Answer. If the information type you are needing to protect is not reflected on the CUI Registry and you believe there is a gap, please contact your agency’s CUI Program Manager so they can initiate a formal review and if needed start the process to establish a provisional category of CUI. Question: Is there a lists of agencies that have adopted CUI? Answer: CFRs (code of federal regulations) are not Controlled Unclassified Information. Question: If an Agency adopts CUI, and the clause is included in the contract, then is the Contractor required to adopt correct? 1. Any CUI shared with industry should be marked accordingly. Answer: Export control information may be either basic or specified, depending on the underlying authority that applies to the information in question. See the Export control category: https://www.archives.gov/cui/registry/category-detail/export-control.html. The course provides information on the eleven training requirements for accessing, marking, safeguarding, decontrolling and destroying CUI along with the procedures for identifying and reporting security incidents. Select and Use Collaboration Services More Securely”  Employees should consult with their designated program office prior to sharing CUI via webex. Question: If CUI basic must be marked “CUI” or “Controlled”, when will all CFRs (online and hardcopy) be appropriately marked. ANNUAL ONLINE TRAINING & ACKNOWLEDGEMENTS DoD Cyber Awareness Challenge & Digital Version of Acceptable Use Policy (AUP) To Take the Course or Sign the AUP: >Click “Login” top tab >Click “CAC Login” >Select appropriate Branch, Type, & MACOM from “Drop Down” prompts & click “Confirm” >Select “Cyber Awareness … The new Cyber Awareness Challenge is now available. And if it is probably CUI and not marked, am I as a contractor liable for protecting the information on my network as CUI. Question: ITAR Technical Data has its own protections from DDTC. Answer: Please see part two of the CUI Marking Handbook. Please see the marking list that contains banner markings that can be applied for CUI Categories. Answer: Currently, there is not a list of agencies that have adopted the CUI Program. Answer: Some agencies and vendors have been working to develop an automated tool to assist employees with marking CUI. This website provides frequently-assigned courses, including mandatory annual training, to DOD and other U.S. Government and defense industry personnel who do not require transcripts to fulfill training requirements for their specialty. See: https://www.archives.gov/files/cui/documents/20161206-cui-marking-handbook-v1-1-20190524.pdf, Question: The DoD has a DoD CUI registry, how does it relate to the NARA CUI registry. Question: Can CUI be stored on a shared network by industry contractors if strong protections are applied, or should it be kept on a separate secured system or network? Categories reflected on agency CUI Registry should be based on those listed on the national CUI Registry. Does it follow current classification guidance or is there an additional requirement for CUI. Answer: Questions regarding the marking/protection of CUI in association with a contract should be directed to the contracting activity. DoD Mandatory Controlled Unclassified Information (CUI) Training Is ITAR data always CUI Specific, or only when designated by a government agency? Answer: Upon the implementation of the CUI Program within agencies, legacy practices (for marking) must cease. Answer: The designation indicator requirements for CUI basic and specified are identical and must be included for both. Question: CUI can be shared in collaborative environments and forums, to include a teleconference, that meet the required cybersecurity requirements. Question: If a document is marked CUI//SP-PRVCY//Fed Only, do you still have to encrypt or password protect the document? Question: Will CUI Training be available through CDSE? Answer: Portion marking in the CUI Program is optional, though it may be directed in agency policy or contracts/agreements. Agency policy/procedure should reflect this distinction and where applicable, cite specific handling or dissemination requirements. Answer: All agencies of the Executive branch are required to implement the CUI Program. The CUI Executive Agent develops training modules for the CUI Program, designed for a widespread audience at multiple levels within the government and beyond. See NIST SP 800-88. Question: What is the banner configuration when you have classified and CUI in the same document. This includes CUI identification, Answer: In association with a contract, it would be CUI if the information in question aligned to an existing category of CUI. Answer: Agencies (and organizations) must provide guidance to employees regarding approved/authorized systems where CUI can be handled. About Us. The meta-data standard should assist developers in creating automated/assisted marking tools. Who can decontrol cui? Employees should verify that the webex technology aligns to the safeguards prescribed by the agency and by those described by 32 CFR 2002 (i.e. by , posted in Common questions. Question: Do we have a list of items that fall under CUI? Underlying authorities will determine whether or not a category will be marked as specified or basic. Question: Do emails containing CUI need to be encrypted? CUI. Our office has developed a number of resources that can assist users in understanding the relationship between FOIA and CUI. Answer: Any questions regarding the status of information should be directed to the originator. Contractors do not have to remark sensitive information shared or produced by them in association with existing or prior contracts. Markings do serve as an alert to users of what is being shared. Answer: The CUI Marking handbook has specific guidance regarding the commingling of CUI and CNSI. information may be cui in accordance with, law, regulation, or government-wide policy, the correct banner marking for UNCLASSIFIED documents with CUI is, the correct banner marking for a comingled document containing TOP SECRET, SECRET, or CUI is, I don't have a security clearance, so I don't have to get a prepublication review, In order to obtain access to CUI, an individual must first have, administrative, civil, or criminal sanctions may be imposed if there is an unauthorized disclosure of CUI, the subset of CUI for which the law regulations or government-wide policy does not set out specific handling or dissemination controls, what is the purpose of the isoo cui registry, the subset of cui for which the law, regulations, or government-wide policy contains specific handling controls that it requires or permits agencies to use. what is controlled unclassified information (cui)? Answer: CMMC uses some of the requirements found in the 32 CFR 2002 (CUI Implementing directive), specifically, the NIST SP 800-171. PII is considered CUI. Applicant files that contain CUI should be marked as such. Question: If portion marking is not required how is the recipient supposed to know what data needs to be marked as a carry forward derivative marking? Reference: DoDI 5200.48, Controlled Unclassified Information (CUI), para. Answer: It depends on the terms of the contract. What is the difference between FOUO and CUI? See NIST SP 800-53, NIST SP 800-171. Answer: Yes. Question: Is there a tool for email marking? There is no prohibition on sharing or providing access to industry contractors, as long as all of the cyber security requirements are met and the information is shared in accordance with any limited dissemination control markings, contract stipulations, and a lawful government purpose determination. Any and all USG markings should only be applied in accordance with the contract or agreement. Will that practice need to stop upon implementation and will there be a digital tool to assist in proper marking of CUI in outlook and other document creation tools like MS Word. Contact Us OSD Components. Answer: Maybe. Question: Would the designation indicator be used with CUI Basic or only CUI Specified controls? Question: For contracts with DoD agencies, should the contracting officer tell the contractor what is CUI and how it should be marked? 7008 and 252.204-7012. Authorized holder of the information at the time of creation. Access the Official DoD CUI Program Website This course is mandatory training for all of DoD and Industry personnel with access to controlled unclassified information (CUI). If possible, specific contact information should be included (name, phone number, email address, etc). Answer: The CUI Program is mandatory for Executive branch agencies and to any non-federal entities and their subcontractors who contract with and act on behalf of the Federal Government. Legacy waivers are issued by agencies. Question: Is CDI (what we use ) the same as CUI? Answer: Yes, collaborative environments used to share or process CUI must meet the minimum standards for protecting CUI. It also established the official DoD CUI Registry, which we will discuss later in the training. Please see the Controlled Environments video for additional guidance: https://www.archives.gov/cui/training.html, Question: You just mentioned that there is training you can give. Below are answers to the questions that were asked during April 23rd CUI marking class (Webex). DOD CUI Program; DOD Mandatory Controlled Unclassified Information (CUI) Training; Policy Documents. (No CAC Required) This course is mandatory training for all of DoD and Industry personnel with access to controlled unclassified information (CUI). CUI may be stored in controlled environments. The course provides information on the eleven training requirements for accessing, marking, safeguarding, decontrolling and destroying CUI along with the procedures for identifying and reporting security incidents. The questions my leader asked today was if CUI can be shared on WebEx, so it looks like as long as the markings are on presentations? Question:Will USCIS apply this program to the applicant files? At the time of creation of CUI material the authorized holder is responsible for determining: A. CUI category, CUI markings and dissemination instructions - Correct Answer. Answer: The CUI Registry lists all approved categories of CUI. If an agency elects to issue such waivers, it must still take reasonable steps to inform the users of the existence of CUI upon transmission to external entities. Question: My company interacts with the NRC. Answer: Please see the Privacy categories listed on the CUI Registry. For industry, the program goes into effect when referenced in contracts and agreements. Question: For call in only certificates, who do we email for the certificate? Question:: How does CUI marking enable compliance with 5 U.S.C. unclassified information requiring safeguarding and dissemination controls, pursuant to and consistent with applicable laws, regulations, and gov-wide policies, what dod instruction implements the dod cui program, dodi 5200.48, controlled unclassified information, cui documents must be reviewed according to which procedures before destruction, what level of system and network configuration is required for cui, at the time of creation of cui material the authorized holder is responsible for determining, cui category, cui markings, and dissemination instructions, what marking (banner and footer) acronym (at a minimum) is required on a dod document containing controlled unclassified information, it is mandatory to include a banner marking at the top of the page to alert the user that cui is present, who is responsible for applying cui markings and dissemination instructions, authorized holder of the information at the time of creation. Question: The legacy waiver is sought by the agency, right? Controlled environment is any area or space an authorized holder deems to have adequate physical or procedural controls (e.g., barriers or managed access controls) to protect CUI from unauthorized access or disclosure. https://www.archives.gov/cui/about/contact.html#contact-an-agency. Answer: For agencies, the CUI Program will go into effect when the agency issues a policy that reflects the standards of the program. Any requirements to safeguard CUI on systems should be conveyed in applicable contracts or agreements with the government. Question: These are fairly significant changes to the marking system. Question: Does the Agency determine if CUI is Specified vs Basic? I think it still applies, right? The Registry is meant for program officials who are responsible for developing policy and procedure for their agency. The NIST SP 800-171 is the minimum standard for protecting CUI on non-federal systems. Answer: CUI Markings are not sufficient to ensure the protection of the information. Answer: Contractors are bound by the terms of their contracts or agreements with the government. 2.2. If a coversheet is used, interior pages do not need to be marked. Military & Civilian Mandatory Training. Follow all agency policy regarding approved systems or applications  for CUI. The bottom line is most US Department of Defense (DoD) contractors and subcontractors must comply with DFARS 7012, because most of us operate and store Controlled Unclassified Information (CUI). See: https://www.archives.gov/cui/training.html. *NEW REQUIREMENT - PRIORITY ACTION* FY21 All Hands Stand-down to Address Extremism in the Ranks This training was broadcast Live via MS Teams on 16 Mar 2021.For those that were unable to attend, please watch the video and … Question: Will there be information/guidance regarding products that automate tagging for emails and documents? Limited Every agency of the executive branch is required to implement the CUI Program (https://www.usa.gov/branches-of-government). See the Export Controlled category: https://www.archives.gov/cui/registry/category-detail/export-control.html. While many CUI Categories would align to exemptions under FOIA, there is not a direct relationship between CUI categories and FOIA exemptions. • There’s no point doing work if others don’t know about it or can’t understand what you did. Answer: To receive a certificate for participating through the call (not able to connect to the webex), please send an email to cui@nara.gov. Free CUI Training from Department of Defense. Answer: No. Question: We utilize an on-site shredding service, is this method approved for destroying CUI? Agency policies, contracts, or agreements may contain more specific guidance as to how this element should be filled out. As the agency transitions to the standards of the CUI Program, FOUO/SBU-type markings will eventually be phased out. Answer: No. Answer: CUI should not be shared on a webex that is accessible to the public or that does not meet the above requirements. CUI waiver requests for DoD information systems (IS) and networks. To address these problems, this order establishes a program for managing this information, hereinafter described as Controlled Unclassified Information, that emphasizes the openness and uniformity of Government-wide practice.”. Answer: Many agencies have elected to develop a mirror registry that reflects the CUI Categories commonly handled by their workforce. Question: Is portion marking optional? Prior to using any Webex technology to share CUI, we advise verifying with organization/agency officials to ensure that proper safeguards are in place on the system and that the technology has been cleared/authorized for use with CUI. Question: What are the storage requirements for CUI in hard copy form (paper, disk, media)? Question: So would the CMMC certification level requirements be reflected in the “Limited Distribution” section? Question: Is this also related to CMMC (katie arrington). Who is responsible for marking documents as CUI? Answer: Yes. or can it be left on a desktop overnight in a locked office? If portion markings are used or required under your contract with an agency, they must be used throughout the document. Question: When there is CUI//SP in a classified doc, is a CUI header required alongside the class marking? All of the above Upon transmission outside of the component element, the CUI must be marked or identified in accordance with the standards of the CUI Program. what marking (banner and footer) acronym (at a minimum) is required on a dod document containing controlled unclassified information cui it is mandatory to include a banner marking at the top of the page to alert the user that cui is present Please also see CUI blog post titled: NSA Article: “Working from Home? Question: If a Contractor develops CUI under a contract (i.e. When there is a question regarding the status of information contained within a document that will be used, consult the originator. Question: It has been difficult to determine basic or specified; for example, it seems some ITAR information is basic, other is specified, but it’s not very clear to determine. the moderate confidentiality baseline). Question: You just said use of CUI is only mandatory for the government. Under the new Federal Acquisition Regulation (FAR), a standard form is being contemplated that will require this level of granularity in all contracts where CUI is involved. CMMC certification levels are not dissemination controls. Most agencies have already issued policies and most are projected to have policies issued by December of 2020. Take Training. Not the contractor/licensee? Question: What do you mean “when it CUI leaves the agency”. Unlike with classified national security information, DoD personnel at all levels of responsibility and across all mission areas receive, handle, create, and disseminate CUI. 13526 and DoDM 5200.01 When classified information or Controlled Unclassified Information (CUI) is transferred or transmitted to a system that lacks the appropriate security level or required access controls, this is a _________. We expect this standard to be available for public comment in the coming months (May/June). Question:: Our company uses WebEx so it is approved on our systems. DOD CUI Program. What is the best way to capture the LES information as CUI or is it anticipated to be standalone with legacy markings ? The 2021 version is an annual refresh including some minor updates such as new case studies for Insider Threat, Malicious Code, Mobile Devices, Home Computer Security, and Social Engineering, added content regarding disinformation campaigns, Internet of Things (IoT), and Controlled Unclassified Information (CUI) and a revised … Answer: As organizations implement they should ensure that products and services for destruction align to the standards of the CUI Program. Question: As to PII, is it CUI basic or specified (is that the same as the category SP-Privacy Information)? What is CUI Specified? Under DODI 5200.48, the Under Secretary of Defense for Policy is responsible for policies and procedures relating to disclosing CUI to foreign governments, NATO, and other agreements, as well as requirements for CUI to be identified in international agreements, arrangements, and contracts that have licensing export controls to foreign partners. The CUI Program is a Government-wide program that standardizes the way the executive branch manages unclassified information that requires safeguarding or dissemination controls required by law, Federal regulation, and Government-wide policy. Question: Could you clarify the statement that the average user isn’t intended to use the registry but that the Agency program office should say what is CUI? It is mandatory to include a banner marking at the top of the page to alert the user that cui is present? Also, what if the Contract has the clause, but the Agency has not provided documentation marked CUI, but the Contractor believes they are developing CUI internally, are they required to mark accordingly? Question: How would contractor generated drawings be marked if they fall into controlled technical information? Answer: Portion markings, in the unclassified environment, are optional. The CUI Registry contains information on what the banner markings should be based on the authorities. CUI Control Markings and Category Markings are separated by two forward slashes (//). Answer: Yes. Question: Does CUI have the same “Need-to-Know” requirements as FOUO? Answer: Questions regarding the pace and plans to implement the CUI Program within the DOD can be directed to: osd.pentagon.ousd-intel-sec.mbx.dod-cui@mail.mil. CUI must be encrypted in transit. Question: On DoD contracts, we’ve seen CUI checked in the DD254 for over a year now but DoD hasn’t adopted this. Currently we mark SBU or FOUO because of the PII contained within. The CUI Control Marking (mandatory) may consist of either “CONTROLLED” or “CUI.” CUI Category Markings (mandatory for CUI Specified). About Us Contact. In other words, if we as a contractor are doing an internal R&D effort with ITAR data, would this be CUI//SP? Question: Coversheet = the first tab you see when you open a spreadsheet? Answer: CUI markings do not speak directly to FOIA exemptions. 3.4. What is our responsibility under our contract. Where should DoD employees look for guidance on safeguarding classified information? Generally, the sharing of CUI should be limited to only the degree necessary to support current operations. The subset of CUI in which the authorizing law, regulation, or government-wide policy contains specific handling controls that it requires or permits agencies to use. CUI policy provides a uniform marking system across the Federal Government that replaces a variety of agency-specific markings, such as FOUO, LES, SBU, etc. Question: Our contracting officer is not providing the category of CUI. Please see the CUI Marking Handbook for specific guidance. The reason for this is that the CUI Registry cites to applicable laws, regulations, and government wide policies. Question: Can you advise whether today’s scope is only CUI / DFARS (NIST 800-171) or covering some of the overlapping domains with CMMC L3 too, as the later became mandatory for DoD Government contracts from 07/2020. Question: Can CUI information be shared on WebEx? Every agency of the executive branch is required to implement the CUI Program … See https://www.usa.gov/branches-of-government. Question: Is there a lists of agencies that have adopted CUI? There are plans to publish a meta-data tagging standard for CUI Categories. Answer: Hard copy CUI must be stored in an area or container that would prevent unauthorized access. • DoD’s legacy “FOUO” marking was authorized to protect UNCLASSIFIED information that “may be exempt from mandatory disclosure under the Freedom of Information Act (FOIA).” • The CUI Program developed a common marking system … Current CFRs can be found on publicly available websites [https://gov.ecfr.io/cgi-bin/ECFR?page=browse]. Department of Defense Instruction (DODI) 5200.48 Controlled Unclassified Information e stablishes the DOD CUI Program and establishes policy, assigned responsibilities, and prescribes procedures for CUI throughout the DoD in accordance with Executive Order (E.O.) Training Toolkits As part of the phased DOD CUI Program implementation process, the designation, handling, and decontrolling of CUI (including CUI identification, sharing, marking, safeguarding, storage, dissemination, destruction, and records management) will be … Answer:  Generally, when an agency issues a limited waiver for marking CUI that remains under their control, CUI does not need to be marked. Agencies or organizations that produce CUI products that will likely be used to create additional documents (as described) should apply portion marking to facilitate the proper application of markings. 7. CUI should not be shared on a webex that is accessible to the public or that does not meet the above requirements. Answer: Executive order 13556, Purpose, section 1 : “At present, executive departments and agencies (agencies) employ ad hoc, agency-specific policies, procedures, and markings to safeguard and control this information, such as information that involves privacy, security, proprietary business interests, and law enforcement investigations. f. Coordinates with the CUI EA on DoD Component CUI waiver requests. Answer: No. Question: If it is not marked CUI from the Agency and we assume it is CUI, as a contractor, can I mark it or do I need to go back to the originator for guidance. When including multiple categories they are separated by a single forward slash (/). It requires all military, civilian employees and contractor personnel complete initial and annual CUI training. It’s very confusing as to when we are supposed to start seeing/marking CUI on these contracts. Answer: Not necessarily for spreadsheets, markings can be applied to the headers of the document. (NIST SP 800-53 moderate confidentiality, NIST 800-171, or fedramp moderate depending on what the system is and who owns it). Questions regarding the status of CUI and marking requirements should be directed to the contracting activity. Answer: This question likely relates to limited waivers issued within the agency. It is our understanding that DoD is working to develop CUI Training and that some CUI Training may be included on CDSE, who will be required to take the training and what training requirements it will meet are still to be decided by DoD. ";s:7:"keyword";s:39:"hoover quest 700 replacement side brush";s:5:"links";s:720:"<a href="http://dl.downloadina.net/a60gfau/dairy-brain-fog-reddit-d672c1">Dairy Brain Fog Reddit</a>,
<a href="http://dl.downloadina.net/a60gfau/best%27%27-in-swahili-d672c1">Best'' In Swahili</a>,
<a href="http://dl.downloadina.net/a60gfau/croods-2-amazon-prime-price-d672c1">Croods 2 Amazon Prime Price</a>,
<a href="http://dl.downloadina.net/a60gfau/divide-symbol-iphone-d672c1">Divide Symbol Iphone</a>,
<a href="http://dl.downloadina.net/a60gfau/what-does-marines-stand-for-joke-d672c1">What Does Marines Stand For Joke</a>,
<a href="http://dl.downloadina.net/a60gfau/iracing-dirt-setups-2020-d672c1">Iracing Dirt Setups 2020</a>,
<a href="http://dl.downloadina.net/a60gfau/lil-poppa-age-d672c1">Lil Poppa Age</a>,
";s:7:"expired";i:-1;}