NIST Regulations for Controlled Unclassified Information (CUI)

Organizations that work with U.S. government agencies, or want to compete to do so, must meet new data handling procedures. In December 2017, the National Institute of Standards and Technology (NIST) Special Publication 800-171 standards and guidelines were introduced, regulating the management of government data while residing in, processed by or traversing through nonfederal information systems.

Known as Controlled Unclassified Information (CUI), this information is used by nonfederal external service providers to perform a wide range of business functions not typically suited for government agencies. These external service providers bring to bear state of the art technologies, capabilities and resources that would otherwise not be available to the government in the execution of their missions.

Government bodies, their commercial contractors and subcontractors must maintain compliance with NIST SP800-171 standards and guidelines throughout the contract’s lifecycle where CUI is involved. To ensure this, all documents, drawings and emails containing CUI must be appropriately marked, and marking must clearly be visible in the header and footer of documents.

The Executive Agent (EA) has created and manages a publicly available CUI registry, which specifies, by category and subcategory, which marking must be applied to a particular data subject. The registry also details procedures relating to the handling, safeguarding and control of the data as it moves through nonfederal systems. The marking is central to ensuring that CUI data is handled and secured in an appropriate way, and is only accessible to users who need to work with it, such as for a particular project.

For more information, download the fact sheet which includes:

  • CUI Overview
  • What defines how CUI should be controlled
  • How to find the correct marketing for CUI
  • How Boldon James can help

Please complete the adjoining form to request it.

1,000+ happy customers trust Fortra's Boldon James.
See why by requesting a personalised demo.

Raytheon Logo
Societe Generale Logo
Volkswagen Logo

5 Steps To Effective
Data Protection


Gartner Peer Insights Logo

"Great product
for user awareness"

Very good customer support for implementation and operations. The product is great for improving user awareness of data classification.

"Great Customer Satisfaction and a well integrated product"

The Boldon James Engineers are very supportive in assisting with deployments, queries and handling issues.

"Helps to easily understand and implement classification"

Implementation is rather easier than other competitive products, administration console is also easier to understand and everything relevant to classification is there.

Why choose
Fortra Data Classification

With unrivalled customer service and best-of-breed data protection and governance solutions,
we are helping many of the world’s most successful organisations take control of their business data.
Everyday, our customers enjoy more effective, secure and streamlined operations -
protecting their business critical information and reducing risk.

Cloud Security

We integrate with powerful data security and governance ecosystems.


We protect business critical data, improve data control and reduce risk.

Group 38795

We deliver improved and streamlined business performance.


We are a “safe pair of hands” that constantly deliver success.