​CUI Program Update to Stakeholders​​ (Webinar link and call-in ​information)

​​The next scheduled webinar will be 15 May 2018 (1-3 EDT). 
P​lease use the following to access the webinar:
Dial-in Number:  800-988-0218
Audience passcode: 2160962

Conference number: PWXW7483514

Participants can join the event directly at:
https://www.mymeetings.com/nc/join.php?i=PWXW7483514&p=2160962&t=c

 

The webinar will include:

  • A brief overview of the CUI program;
  • An update on agency implementation efforts;
  • A review of all existing notices, policies, training and resources currently available from the CUI Registry;
  • The status and plans for a CUI Federal Acquisition Regulation Rule; and
  • Time for Questions and Answers.  Note:  During the webinar, participants may submit questions through the instant messenger feature.

Slides from CUI Briefing to Stakeholders on 2/15/2018

We had great attendance in our webinar yesterday with some great participation in the Q&A period. Thank you to all those who attended. The following topics were covered during the webinar:

A brief overview of the CUI program;
A summary of the upcoming changes to the CUI Registry;
An update on agency implementation efforts;
A review of all existing notices, policies, training and resources currently available from the CUI Registry;
The status and plans for a CUI Federal Acquisition Regulation Rule; and
Time for Questions and Answers.
Please see the slides attached: Feb 15, 2018 Webex

Q&As from the webinar will be posted soon.

CUI Program update to stakeholders

​The next scheduled webinar will be February 15, 2018 (1-3 EDT). All subscribers to the CUI Blog will receive links and call-in information to access the webinar prior to the event. The webinar will include:

  • A brief overview of the CUI program;
  • A summary of the upcoming changes to the CUI Registry;
  • An update on agency implementation efforts;
  • A review of all existing notices, policies, training and resources currently available;
  • from the CUI Registry;
  • The status and plans for a CUI Federal Acquisition Regulation Rule; and
  • Time for Questions and Answers.

ISOO Issues First CUI Notices of 2018

On January 24, 2018, ISOO issued two CUI Notices, one with recommendations for CUI Basic Training, and another regarding the agreements required for sharing CUI between Executive Branch entities and their non-Executive Branch partners.

The Notice on CUI Basic Training (CUI Notice 2018-02) recommends common learning objectives and curriculum design content, training delivery methods, and testing objectives, for Executive Branch entities to incorporate in their required basic-training courses on CUI.  The Notice presents these recommendations in the form of a table based on the first three levels of Bloom’s Taxonomy, a classification benchmark for learning objectives that is widely accepted by training professionals.

The Notice on Agreements (CUI Notice 2018-01) provides guidance and recommendations on how information-sharing agreements between Executive Branch entities and their non-Executive Branch partners must convey CUI Program requirements.  The Notice excludes reference to guidance for information-sharing with foreign entities.

The Notice explains that as Executive Branch entities implement their own CUI policies, they must negotiate modifications to existing agreements in compliance with the CUI Program.  When feasible, Executive Branch entities should enter into written agreements that include explicit CUI requirements.

Such agreements must require non-Executive Branch partners to handle CUI in accord with the CUI Program, subject to applicable penalties, while also stipulating that non-Executive Branch partners must follow methods approved by the Executive Branch entity in reporting any non-compliance with CUI requirements.

As a best practice, the Notice recommends that agreements between Executive Branch entities and their non-Executive Branch partners: 1) identify categories of CUI and specific handling, safeguarding, or dissemination requirements for CUI shared under the agreement; 2) state where the terms of the agreement will be performed; and, 3) indicate specific technical requirements for protecting the CUI, as well as whether a federal or non-federal information system will be used to process, store or transmit it.

NIST issues update for NIST SP 800-171, Revision 1

NIST announces the release of an errata update for Special Publication 800-171, Revision 1Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. The errata update includes minor changes to the publication that are either editorial or corrective in nature.

 

nist sp 800-171.1 2.png