CUI Program Development for DoD and other Federal Contractors | Controlled Unclassified Information
Large amounts of unclassified information exist throughout the federal bureaucracy that ultimately requires safeguarding or dissemination control. In 2010, Executive Order 13556 established an open and uniform program for managing information that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Government-wide policies.
Furthermore, DoDI 5200.48 put forth numerous strict CUI requirements for DoD contractors. Additionally, per the National Institute of Standards and Technology (NIST), “The protection of Controlled Unclassified Information (CUI) resident in nonfederal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully conduct its essential missions and functions.”
In short, federal contractors need to have in place established policies, procedures, and processes regarding CUI that’s resident within their information systems. What federal contractors need is a CUI Program. Arlington can help. Additional ervices for data privacy include Data Governance, PIA Assessments, Data Mapping, Data Classification, along with building customized Data Privacy Programs.
Corresponding Case Studies
Need a CUI Program? We Can Assist
Why Arlington for CUI Program Development?
Trusted and well-known all throughout the DoD industry.
Years of experience working with the NARA CUI Groupings and Categories.
Proven and efficient methodologies, all at fixed-fee pricing.
CUI Scoping & Gap Assessments
Arlington offers comprehensive CUI scoping & gap assessments for helping federal contractors gain a true understanding of what an actual CUI program entails, what deficiencies exist within one's environment, and what’s needed for putting all the pieces in place for implementing a successful program for safeguarding CUI. Our scoping & gap assessment also helps educate federal contractors on the various groupings and categories of CUI (per NARA), how to identify and mark CUI, and much more.
CUI Policy Development
Having well-written, clearly defined policies and procedures for CUI is critically important as employees need to be aware of their roles, responsibilities, and overall duties in terms of safeguarding CUI. More specifically, a well-written CUI policy and procedure document includes coverage on how CUI is safeguarded, categorized, accessed, marked, used, shared, stored, disclosed, disposed of, and more. With a rock-solid CUI policy in place, it creates a high degree of awareness - and accountability - for all users who come into contact with CUI.
Identifying what is considered CUI within one’s environment begins by determining what “Organizational Index Grouping” and the associated “CUI Categories” a contractor falls under. Then, by assessing the “Category Description” you’ll have a solid understanding of what types of CUI are resident in your information systems. Arlington can assist with all efforts in helping federal contractors accurately assess and identify the exact types of CUI they have within their environments, both digital and non-digital.
CUI Contractual Language Review
Understanding contractual requirements when it comes to CUI is becoming more important as the entire CUI program takes root throughout the federal bureaucracy. With increased cybersecurity and privacy regulations, along with growing security threats, federal contractors are going to see a notable emphasis on CUI within their contracts. Arlington can help review, assess, and determine your CUI needs in relation to contracts.
CUI Marking (Digital)
Digital marking requirements regarding CUI is one of the most important measures to undertake when embarking on a CUI program. From emails to internal memorandums, presentations, and more, federal contractors have large amounts of CUI resident within their information systems (i.e., ‘resident in nonfederal systems’). Furthermore, per DOPSR20-S-2093 - ‘Controlled Unclassified Information Markings’ - 09/03/2020 - there are strict guidelines for marking CUI that must be followed, for which Arlington can assist with.
CUI Marking (Physical)
From USB drives to hard-copy documentation - and more - there’s still a tremendous amount of CUI being circulated in the federal bureaucracy that’s non-digital. Federal contractors have strict responsibilities to not only safeguard physical CUI, but to also mark it accordingly. Arlington can assist in identifying and successfully marking all physical CUI.