Controlled Unclassified Information (CUI)

A common question is “What is Controlled Unclassified Information (CUI)?”

ANSWER: Controlled Unclassified Information (CUI) is difficult to provide a simple answer to. The authoritative source that defines CUI is the US National Archives with the CUI Registry. However, for most businesses that have to address NIST 800-171 and/or Cybersecurity Maturity Model Certification (CMMC), the focus is on a subset of CUI, Controlled Technical Information (CTI). "Technical Information" means technical data or computer software. Examples of technical information include:

Understanding Requirements For CUI

The best place to start is with understanding Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012, since that establishes the definitions and need to protect CUI.


Browse Our Products

  • Digital Security Program (DSP)

    Digital Security Program (DSP)


    Digital Security Program (DSP) - Enterprise-Class, Hybrid Framework For Cybersecurity & Privacy The DSP is an enterprise-class solution for cybersecurity & privacy documentation consisting of thirty-three (33) domains that defines a modern,...

    Choose Options

Find Out Exclusive Information On Cybersecurity