In response to agency requests, we are proposing revisions to the CUI Registry’s list of categories and subcategories to make it easier to navigate and understand. We’ve started with some small organizational changes that we hope will address confusion about the difference between categories and subcategories, clarify a few of the category names, and make it easier to find types of CUI on the Registry listing. These revisions are: Continue reading “Agency review: Proposed category-subcategory list changes for easier use”
Employees that handle CUI in the course of doing agency business are not expected to go directly to and interpret the laws, Federal regulations, and Government-wide policies to determine what unclassified information is controlled, nor will they be responsible for interpreting those authorities and assessing what requirements apply to a given document in their hands or on their systems. They will be going to their agency information management policies, on which they are trained. This is what takes place now and will continue in the future. However, with the advent of the CUI Program and oversight functions, agency policies will be reviewed periodically to ensure they are in line with CUI Program requirements and underlying authorities, and to ensure they are providing sufficient information for employees to carry out both the required protections and permissible sharing.
The CUI Registry is a listing of the categories/subcategories of CUI that are required (or permitted) to be protected by law, Federal regulation, and Government-wide policy. While the Registry was compiled through agency submissions, the entirety of those submissions were vetted to ensure that the text in the law, Federal regulation, or Government-wide policy identified an information type and called for (or permitted) the protection of the information. By bringing all these authorities together in one place for Continue reading “The CUI Registry and reform”