NIST Regulations for Controlled Unclassified Information (CUI)
Organizations that work with U.S. government agencies, or want to compete to do so, must comply with new data handling procedures. In December 2017, the National Institute of Standards and Technology (NIST) Special Publication 800-171 standards and guidelines were introduced, regulating the management of government data while it resides in, is processed by or traverses nonfederal information systems.
Known as Controlled Unclassified Information (CUI), this information is used by nonfederal external service providers to perform a wide range of business functions not typically suited for government agencies. These external service providers bring to bear state-of-the-art technologies, capabilities and resources that would otherwise not be available to the government in the execution of its missions.
Government bodies, their commercial contractors and subcontractors must maintain compliance with NIST SP 800-171 standards and guidelines throughout the contract’s lifecycle where CUI is involved. To ensure this, all documents, drawings and emails containing CUI must be appropriately marked, and the marking must be clearly visible in the header and footer of documents.
The Executive Agent (EA) has created and manages a publicly available CUI registry, which specifies, by category and subcategory, which marking must be applied to a particular data subject. The registry also details procedures relating to the handling, safeguarding and control of the data as it moves through nonfederal systems. The marking is central to ensuring that CUI data is handled and secured in an appropriate way, and is only accessible to users who need to work with it, such as for a particular project.
For more information, download the fact sheet which includes:
- CUI Overview
- What defines how CUI should be controlled
- How to find the correct marking for CUI
- How Boldon James can help