by Mark Riddle
Markings during phased implementation
- When can I start using the CUI markings and following the requirements of the CUI Program?
Until directed by your agency’s guidance, executive branch employees and contractors supporting Government agencies must not use CUI markings and other CUI requirements.
- When will CUI markings and practices take effect?
Your agency will create guidance and training that will address how and when to mark information CUI. Since each agency is following its own timeline for implementation, you
may begin to receive information marked as CUI before your own agency begins implementing the Program.
- What do I do if I receive marked CUI and my agency has not yet implemented the program?
Follow your agency’s guidance in how to handle such marked information.
- Why do we need to mark our information?
Markings allow recipients to tell at a glance that they have something that requires protection. Not marking CUI would result in failure to adequately identify unclassified information requiring control, or lead to unauthorized disclosure and improper handling. The results could subject employees, contractors, partners, and other recipients of CUI to an increased likelihood of sanctions for mishandling information that laws, Federal regulations, and Government-wide policies require them to handle as CUI.
- What is always required when marking CUI?
The CUI banner markings and designation indicators are required when marking CUI.
- When do agencies use a category/subcategory in the marking?
Category markings are mandatory in the case of CUI Specified; and used for CUI Basic when required by agency policy (encouraged). Category markings are approved by the CUI EA and are associated with the categories and subcategories listed in the CUI Registry.
Designation and administrative indicators
- What is a designation indicator and what are the best ways to display it on a document?
A designation indicator is a required marking that must be included on the first page (or cover page) of a document to inform the holder of the information of what agency created that information. It must indicate what agency created the information, but may include more information as well, like the office, address, email, or phone number.
This information can be displayed by using agency letterhead or including a “Controlled by” line on the first page.
- What if a law, Federal regulation, or Government-wide policy requires a specific indicator?
For some CUI Specified, there may be required indicators prescribed by law, Federal regulation, or Government-wide policy. These indicators must not be included in the CUI banner or portion markings, but must appear in a manner readily apparent to authorized personnel and consistent with the requirements of the relevant law, Federal regulation, or Government-wide policy.
- How do supplemental administrative markings or indicators (e.g., “draft,” “predecisional,” “deliberative”) coexist with CUI markings?
Administrative markings must not be incorporated into CUI banners or duplicate any marking in the CUI Registry. They may be used only to indicate the non-final status of documents under development to avoid confusion and maintain the integrity of an agency’s decision-making process. Follow your agency’s CUI guidance for requirements on using supplemental administrative markings.
Marking ‘legacy’ information
- How will sensitive unclassified information that was marked prior to implementation of the CUI Program be handled?
Sensitive unclassified information that was marked prior to the implementation of the CUI Program which meets the standards for CUI is considered legacy information. Agencies are not required to review and re-mark legacy information until and unless the information is re-used, restated, or paraphrased. Once an agency has implemented the CUI Program, legacy markings such as FOUO must not be carried forward and new documents containing the information must be marked in accordance with the requirements of the Program.
- Are portion markings required for CUI?
Portion marking of CUI is not required except when commingled with classified information. When not commingled with classified information, agency policies may require portion marking to facilitate information sharing and proper handling of the information.
- What do I do if I receive CUI in an unclassified environment that is portion marked and I need to reuse some of the information in a new document?
Your agency will provide guidance on whether you can use CUI portion markings. Agencies are permitted and encouraged to portion mark all CUI to facilitate information sharing and proper handling.
- What does the “(U)” portion marking mean?
When portion markings are used, a “U” is placed in parentheses to indicate that the portion contains uncontrolled unclassified information. The use of this marking does not mean that the portion is available for immediate public release. Employees must release information to the public in accordance with applicable agency release policies and procedures.
Limited dissemination control markings
- What are Limited Dissemination Control markings?
Agencies may place additional limits on disseminating CUI only through the use of the limited dissemination controls approved by the CUI Executive Agent and published in the CUI Registry. These limited dissemination controls are separate from any controls that a CUI Specified law, Federal regulation, or Government-wide policy requires or permits. Follow your agency’s guidance on the application of limited dissemination controls and corresponding markings.
CUI markings and FOIA
- Does marking information as CUI preclude the information from being reviewed and potentially released if it is requested under the provisions of the Freedom of Information Act (FOIA) or otherwise considered for public release?
Marking and designating information as CUI does not preclude information from release under the FOIA or preclude it from otherwise being considered for public release.