There’s a completely new look on the horizon for the identification of CUI products. One part involves the individual document(s); the other involves all the other media forms. Also, the color for the new forms is purple, and thus it will be instantly distinguishable from all other forms!
The CUI coversheets themselves have been reduced to one, and while that one is reminiscent of the Optional Forms (OF) 901, OF 902 and OF 903, and OF 903, it has evolved into the Standard Form (SF) 901. It can be downloaded from either the ISOO or General Services Administration (GSA) website. It is still a fillable form and is provided at no cost (see ISOO Notice 2019-01). You may continue to use the old forms until existing supplies have been depleted, however they can no longer be downloaded. The SF 901 is available for download immediately, and as before, once it is affixed to the top of the document(s), it remains attached until the document(s) no longer requires protection, is properly secured, and/or is decontrolled or destroyed.
The new SF 902 is is a standard size label, much like the ones authorized for classified media, and is used to identify and protect electronic media and other media that contain CUI. It is used instead of the SF 901 for media other than documents. If your agency determines, as part of its risk management strategy, that a standard size label is required, the SF 902 will be used. It must be affixed to the medium containing CUI in a manner that would not adversely affect operation of the equipment in which the medium is used, and once it has been applied, it cannot be removed. This form is not yet available, but soon will be. It is expected to be available for purchase through GSA, but the exact date is yet to be determined. Also it will be not be downloadable, as it comes in a pad of about 50 sheets (5-1/4 X 4-1/4″ sheet of six 2-1/8 X 1-1/4″ labels), and its cost is to be approximately $25.00 per pad.
The new SF 903 is a thumb drive size label The SF 903 is used to identify and protect electronic media that contains CUI. If your agency determines, as part of its risk management strategy, that a thumb drive size label is required, the SF 903 will be used. The SF 903 is affixed to a thumb drive containing CUI in a manner that would not adversely affect either operation of the drive or operation of the medium in which it is inserted, and as with the SF 902, once it has been applied, it cannot be removed. This form also is not yet available, but soon will be. It is expected to be available for purchase through GSA, but the exact date is yet to be determined. Similar to the SF 902, this form will not be downloadable, as it comes in a pad of about 50 sheets (5-1/4 X 4-1/4″ sheet of twelve 2-1/8 X 5/8″ labels), and its cost is to be approximately $25.00 per pad.
Please direct any questions regarding this post to: CUI@nara.gov
ISOO has developed seven new training modules. These videos offer the most up-to-date information about the CUI Program.
Agencies (and stakeholders) may wish to use these videos to supplement their CUI Program training. However, it is important to note that ISOO does not track completion of these modules, so if your organization wishes to require viewing of these videos as part of your CUI training program, you must download and run them from organization’s training platform. MP4 versions will be made available for download from the CUI Registry in the coming weeks.
The CUI Executive Agent has created a resource to help better understand how to send, reply and/or, forward emails with CUI markings. Please click here for more information.
by Mark Riddle
Markings during phased implementation
Agencies can waive the requirement to re-mark legacy information with the new CUI markings while the CUI is in their control. The CUI Program does not require the agencies to re-mark unless reusing and sharing the information with others outside of their agency. In addition, because the CUI regulation also contains flexibility in handling such things as existing on-line databases with numerous PDF documents, a flash screen may suffice to alert users that a law, Federal regulation, or Government-wide policy requires safeguarding and dissemination controls.
The principles for marking CUI are the same when sending email; the banner must appear at the top portion of the email. In addition to the banner marking, an indicator Continue reading “Marking email”