What are the legacy information requirements under the provisions for CUI with DoDI 5200.48?

Arlington Security Portal - Show on: Side Bar

There is no requirement for redacting or re-marking of documents bearing legacy markings. However, for any new document created with information derived from legacy material, it then must be marked as CUI if the information qualifies as CUI. Additionally, DoD legacy information does not automatically become CUI because it must first be reviewed by the owner of the information for determining if it meets the CUI requirements.

Source: https://www.dodcui.mil/Portals/109/Documents/Policy%20Docs/DoDI%205200.48%20CUI.pdf

Need to Implement a DoD CUI Program? Talk to Arlington

DoD contractors - and other contractors providing services to federal agencies - need to have in place established policies, procedures, and processes regarding CUI that’s resident within their information systems. What federal contractors need is a CUI Program. Arlington can help, as we offer the following CUI services and solutions:

CUI Scoping & Gap Assessments
CUI Policy Development
CUI Identification
CUI Contractual Language Review
CUI Marking (Digital)
CUI Marking (Physical)

Arlington Security Portal

Get Access to 100 + NIST RMF security and privacy policies & procedures, programs, and plan templates.

Learn More

DoD Strategy & Advisory

FedRAMP for DOD Contractors

TPRM & Supply Chain

NISP eMASS DCSA

Cybersecurity

Config. Mgmt.

NIST 800-171

Data Privacy

DoD Cloud Security

CMMC

vCO & vCISO

Awareness / Threat Training

Risk Assessments

FISMA

CP & IR

Non-DoD NIST RMF

About Arlington

Expertise

Focus

Values

DoD Briefs

Case Studies

FAQ's

What are the legacy information requirements under the provisions for CUI with DoDI 5200.48?

Arlington Security Portal

SERVICES

RESOURCES

ABOUT