Employees that handle CUI in the course of doing agency business are not expected to go directly to and interpret the laws, Federal regulations, and Government-wide policies to determine what unclassified information is controlled, nor will they be responsible for interpreting those authorities and assessing what requirements apply to a given document in their hands or on their systems. They will be going to their agency information management policies, on which they are trained. This is what takes place now and will continue in the future. However, with the advent of the CUI Program and oversight functions, agency policies will be reviewed periodically to ensure they are in line with CUI Program requirements and underlying authorities, and to ensure they are providing sufficient information for employees to carry out both the required protections and permissible sharing.