Accessibility Tools

Skip to main content

Access World-Class NIST RMF Documentation with ASP Learn More

An Arlington Case Study

CUI Case Study II

Our Goal

Assist a small (44 employees) defense contractor (client) based in Georgia in implementing a structured and well-documented Controlled Unclassified Information (CUI) program as mandated by DoDI 5200.48.

Arlington Security Portal

Get Access to 100 + NIST RMF security and privacy policies & procedures, programs, and plan templates.

Challenges & Needs

The client, a small defense contractor, had won two (2) DoD contracts, both of which required them to have a CUI program in place as stipulated within DoDI 5200,48. Additional challenges included the following:
  • No Clear Understanding of a CUI Program: The client was aware that they needed to develop CUI policies, procedures, and processes, yet were unclear on how to build an actual ‘CUI Program’ into their operations.
  • Unclear Understanding of CUI itself. The client, like many DoD contractors, incorrectly viewed CUI as a categorization, thus, was unaware that it was actually a process driven program requiring numerous measures to be put into place.
  • Challenges with Contractual Requirements: The client had numerous contracts that called for safeguarding provisions for CUI, yet with no actual CUI program in place, they were extremely concerned about possible violations and breach of contract issues.

Our Solution

Arlington successfully implemented the following strategies and solutions:
  • Met with senior leadership and provided a complete strategy and plan-of-attack for developing and implementing a CUI program with structured and well-defined policies, procedures, and processes.
  • Met with key stakeholders within various departments/divisions for the organization, earning acceptance and support for what would be an aggressive timeframe for project implementation and completion.

Challenges Solved

  • Successfully educated all key stakeholders on exactly CUI, the importance of protecting it, along with numerous other issues.
  • Identified all known categories of CUI within the client’s environment, along with creating process flow documentation showing how CUI is collected, stored, used and, ultimately, destroyed, as needed.
  • Developed comprehensive CUI policies and procedures, and conducted additional training seminars to key stakeholders on the various regulatory and contractual requirements relating to the safeguarding of CUI.
  • In summary, developed a CUI program that met all requirements as outlined within DoDI 5200.48.

Value Created

  • Put in place a corporate culture that now understands, respects, and truly values the importance of sound CUI practices.
  • The broader topic of CUI was now viewed in a multi-dimensional value proposition that not only helps with stronger information security, but with enhanced business development opportunities, and increased client satisfaction and other related measures.

Why Arlington?

We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience in working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security & compliance solutions – and so much more – you can trust Arlington, the firm that’s Dedicated to Defense®. Sidebar

Arlington Security Portal

Get Access to 100 + NIST RMF security and privacy policies & procedures, programs, and plan templates.

Services Rendered

Related Case Studies