Securing Government Data: The Creation of Controlled Unclassified (CUI) Information

Are you familiar with Controlled Unclassified Information (CUI)? If not, you’ve come to the riht place. CUI was established by Executive Order 13556 on November 4, 2010, and the prescribed Government-wide implementation standards were prescribed in 32 Code of Federal Regulations Part 2002 on September 14, 2016.

CUI is government created or owned information that requires safeguarding or dissemination controls consistent with applicable laws, regulations and government wide policies. It is important to note that CUI is not classified information uner Executive Order 13526 “Classified National Security Information” or the Atomic Energy Act, as amended. Rather, it’s something else entirely — an important part of our nation’s security infrastructure.

So what exctly does CUI involve? Essentially, it requires that all CUI be stored or handled in controlled environments that prevent or detect unauthorized access. Access must be limited and controlled within the workforce by establishing electronic barriers. When reproducing or faxing CUI material, only agency-approved equipment may be used; look for signs on approved equipment to ensure you are using the appropriate machinery.

It is clear why this type of information must be safeguarded and handled carefully — failure to do so could have serious repercussions for our country’s security and stability. As such, it is important for everyone to understand their role in ensuring the safe storage and handling of CUI material.

Hopefully this brief overview has given you a better understanding of CUI material and its importance at the time of its creation back in 2010.

The Creation of CUI

CUI (Controlled Unclassified Information) was created on November 4, 2010, when President Obama issued Executive Order 13556, whch established the CUI program. This Executive Order was supplemented by Part 2002 of the 32 Code of Federal Regulations, which prescribed Government-wide implementation standards and took effect on September 14, 2016.

at the time of creation of cui material

What is CUI?

Controlled Unclassified Information (CUI) is information that is not classified as national security information, but still requires additional security measures to protect it from unauthorized access and use. CUI is subject to specific laws, regulations, and government-wide policies that determine how the information should be safeguarded and disseminated. Examples of CUI include personally identifiable information (PII), export-controlled data, confidential business information, and sensitive law enforcement records. It is also important for organizations to ensure that CUI is marked appropriately so that it can be identified as such when shared with other parties.

Protecting Controlled Unclassified Information (CUI)

The correct ways to protect CUI include controlling access to it, limiting who can access it, setting up electronic barriers for unauthorized access, and using agency-approved equipment when reproducing or faxing the information. Access should be restricted to only those personnel with a need-to-know and must be granted by management personnel with the appropriate security clearance. It is important that any devices used for storing or handling CUI are secure and monitored regularly for unauthorized access. Additionally, all communications regrding CUI should be encrypted as much as possible. Finally, all personnel with access to CUI must receive training on proper handling and storage of the data.

The Definition of CUI Material

CUI (Controlled Unclassified Information) is informtion created or owned by the United States Government that requires safeguarding or dissemination controls to protect it from unauthorized disclosure. It is not classified information and does not require the same level of security measures as classified information, but it does need to be protected in accordance with applicable laws, regulations, and government-wide policies. Examples of CUI include personally identifiable information, confidential business information, critical infrastructure information, proprietary information, and sensitive but unclassified (SBU) material. The National Archives and Records Administration (NARA) has issued guidelines for safeguarding CUI based on the risk of unauthorized disclosure.


In conclusion, Controlled Unclassified Information (CUI) is an important and necesary component of government operations. It requires special protections to ensure that sensitive information is kept confidential and that unauthorized access is prevented. CUI must be stored or handled in controlled environments with established electronic barriers to limit and control access within the workforce. When reproducing or faxing CUI, agencies must use only approved equipment, indicated by signs on the equipment. By following these guidelines, government entities can ensure that CUI remains secure and confidential and is not put at risk of unauthorized access.

Photo of author

William Armstrong

William Armstrong is a senior editor with, where he writes on a wide variety of topics. He has also worked as a radio reporter and holds a degree from Moody College of Communication. William was born in Denton, TX and currently resides in Austin.