Controlled Unclassified Information (CUI)

Controlled Unclassified Information Framework

What is the Controlled Unclassified Information (CUI) Framework?

The CUI Framework refers to the policies and procedures governing the designation, marking, safeguarding, and dissemination of CUI terrorism-related information that originates in departments and agencies, regardless of the medium used for the display, storage or transmittal of such information.

Within the CUI Framework, the President’s memorandum outlines what information can and cannot be designated as CUI. The CUI Framework includes two levels of safeguards – Controlled and Controlled Enhanced. It also includes two levels of dissemination – Standard and Specified.

Under the CUI Framework, all CUI will be categorized into one of three combinations of safeguarding procedures and dissemination controls, which will be indicated through one of the three identified markings:

  • Controlled, Standard
  • Controlled, Specified
  • Controlled Enhanced, Specified

The CUI Framework is a critical part of a larger effort to create an Information Sharing Environment (ISE) that will facilitate the sharing of terrorism-related information. Because the CUI Framework provides for standardized handling of information, it supports the individual missions of departments and agencies and enhances the ability to share vital terrorism-related information among Federal, State, local, tribal, private sector, and foreign partners. Implementing the CUI Framework will further the ISE and help departments and agencies better manage their information.

The CUI Office, with the advice of the CUI Council, will develop and issue detailed CUI policy standards and implementation guidance for the CUI Framework.

Why was the CUI Framework Developed?

The CUI Framework was created to standardize “Sensitive But Unclassified” (SBU) practices and thereby improve information sharing.

“Sensitive But Unclassified” refers collectively to the various designations used within the Federal Government for documents and information that are sufficiently sensitive to warrant some level of protection but not national security classification. Even though most SBU markings are based on statutory direction to protect the information, each agency was left to specify the details of implementing the protections. This ungoverned process resulted in the creation of more than 107 unique markings and over 130 different labeling or handling processes and procedures for SBU information.

This confusing array of SBU practices impeded the sharing of terrorism-related information, especially with non-federal partners. These SBU sharing practices also often failed to control the flow of information that should not be shared.

The global nature of the threats facing the United States requires that our Nation’s entire network of defenders be able to rapidly share information so that those who must act have the information they need. In addition, the U.S. Government must protect sensitive information and the information privacy and other legal rights of Americans. It is essential to create a framework that will enhance our ability to share vital terrorism-related information among Federal, State, local, tribal, and Private Sector entities, and foreign partners.

How was the CUI Framework Developed?

In 2004, Congress passed and the President signed the Intelligence Reform and Terrorism Prevention Act (IRTPA). IRTPA calls for the development of an Information Sharing Environment (ISE) to facilitate the sharing of terrorism and homeland security information among Federal, State, local, and tribal governments and, as appropriate, foreign governments and the private sector.

On December 16, 2005, the President issued a Memorandum to the Heads of Executive Departments and Agencies on the Guidelines and Requirements in Support of the Information Sharing Environment. This memorandum prioritized the efforts that the President believed were most critical to the development of the ISE. Guideline 3 of this memorandum included Presidential direction to federal departments and agencies to recommend standardized SBU procedures for terrorism-related information.

To complete these recommendations, a SBU Coordinating Committee (CC) was created under the Information Sharing Council (ISC). The SBU CC was chaired by the Program Manager for the Information Sharing Environment (PM-ISE) and included senior-level representatives from:

  • Department of State
  • Department of Defense
  • Department of Transportation
  • Department of Energy
  • Department of Justice
  • Department of Homeland Security
  • Federal Bureau of Investigation
  • Office of the Director of National Intelligence
  • National Security Council
  • Homeland Security Council
  • Office of Management and Budget

Additionally, the SBU CC sought and received input from the National Archives and Records Administration (NARA), the Information Security Oversight Office, the Controlled Access Program Coordination Office, the Information Sharing Council, the Global Justice Information Sharing Initiative, and other State, local and tribal partners and the Private Sector. The SBU CC submitted recommendations to the President for a new CUI Framework.

Based on these recommendations, the President released the Memorandum for the Heads of Executive Departments and Agencies on the Designation and Sharing of Controlled Unclassified Information on May 9, 2008. This memorandum defined CUI and set forth the basic policies of the CUI Framework and the CUI governance structure.

Top of Page

PDF files require the free Adobe Reader.
More information on Adobe Acrobat PDF files is available on our Accessibility page.

The U.S. National Archives and Records Administration
8601 Adelphi Road, College Park, MD 20740-6001
Telephone: 1-86-NARA-NARA or 1-866-272-6272