CUI Fundamentals
Description
The United States Federal Government's Controlled Unclassified Information ("CUI") program completely transforms the way unclassified information is shared and handled by and with the government. The CUI program impacts not only federal employees, but also government contractors and others who interact with the federal government.
The CUI program is a transformational change for the government which involves fundamental rethinking of the way the government identifies and safeguards unclassified, but still sensitive, information. These same identification and handling requirements also extend to anyone to whom the government gives CUI, and even to those whom the government hires to create CUI.
As a federal employee or government contractor, you must understand at least the basics of the CUI program. Even if you think that you do not currently handle CUI.
CUI Fundamentals gives walks you through the basics of the CUI program. Written as a series of 100 questions and easy to understand answers, CUI Fundamentals answers questions such as:
- What motivated the government to create the CUI program?
- What is the difference between classified information, CUI, and FCI?
- What is the difference between designating and marking information as CUI?
- Who is authorized to designate information as CUI?
- Who is authorized to mark information as CUI?
- How should government contractors handle legacy information?
- How should government contractors handle information they suspect to be CUI?
And much more! Pick up your copy today to learn the fundamentals of the CUI program!
More details
Person
Content
Topics covered include:
Chapter 1: About this Book.
Chapter 2: CUI Program History
- Where did the CUI program come from?
- Is the CUI program going away?
Chapter 3: CUI Program Overview
- What are some of the goals of the CUI Program?
- What are some of the advantages of this new approach?
Chapter 4: FCI and CUI
- What is FCI?
- Then what is CUI?
- What is the difference between CUI and FCI?
- What is the difference between CUI Basic information and CUI Specified information?
- Can information ever stop being CUI?
Chapter 5: Designating and Marking CUI
- What is the difference between designating and marking information as CUI?
- Who is authorized to designate information as CUI?
- Does a government contractor inherently have CUI designation authority?
- When must CUI be marked?
- Who determines how to mark information as CUI?
Chapter 6: Copies and Derivative Works
- Must copies of CUI be marked as CUI?
- How should copies of CUI be marked?
- How do I know when my derivative work is "different enough" to no longer be CUI?
- Can't we "just" mark all information as CUI?
- Can we treat all information as though it is CUI?
Chapter 7: Legacy Information
- Is all information with legacy markings automatically CUI?
- What can happen to someone who misdesignates information as CUI or mishandles CUI?
Chapter 8: Accessing and Disseminating CUI
- To whom can CUI Basic be disseminated?
- What is a lawful government purpose?
- What is the difference between lawful government purpose and need-to-know?
- If someone is an authorized holder of one type of CUI, are they an authorized holder for all types of CUI?
- What are limited dissemination controls?
- What are some examples of limited dissemination controls?
- What should I do if I accidentally disseminate CUI to someone who isn't an authorized holder?
- Does accidental dissemination of CUI automatically make it public information?
Chapter 9: Receiving CUI
- If information isn't marked as CUI, then it isn't CUI, right?
- What should I do with information I received that I think is CUI, but it isn't marked as CUI?
- What should I do with information marked as CUI Specified, but which does not include the LRGWP to look to for the additional requirements?
Chapter 10: Safeguarding the Government's Information
- Must FCI be protected?
- How must CUI be safeguarded in federal IT systems?
- Do those same requirements apply to non-federal systems?
- How do we know if our company meets the requirements in NIST SP 800-171?
- Do we need policies and procedures for every requirement?
- What is the difference between a policy, procedure, and plan?
- What kind(s) of evidence should we collect?
- Can our cleaning crew access rooms where CUI is stored?
- Can we bring visitors into a room where CUI is accessible?
Chapter 11: Government Contractors and CUI
- How should contractors handle legacy information?
- Are government contractors authorized to designate information as CUI?
- How do agencies tell contractors that information the contractor will create has been designed as CUI?
- Are government contractors authorized to mark information as CUI?
- Are government contractors authorized to designate their own information as CUI?
- How should contractors handle suspected CUI?
