Controlled Unclassified Information (CUI): What, When, How

Рет қаралды 2,837

Күн бұрын

Пікірлер: 9

@RichardDunkley-p6b Жыл бұрын

This is still confusing to me. If i develop a general purpose computer chip on a DoD contract for a military application it is CUI, but if i develop that same chip on a non-gov contract it isn’t? How do we know if something is "subject to controls on the access, use, reproduction modification, performance, display, release, disclosure, or dissemination" for CTI?

@jhovadroc 5 ай бұрын

Definitely lotta tounge twister..lol..REGARDLESS. FABULOUS JOB..LOVED IT👏🏿👏🏿👏🏿👏🏿👏🏿👏🏿👏🏿👏🏿👏🏿👏🏿👏🏿👏🏿🔥🔥🔥🔥

@zjyub Жыл бұрын

Lota of tongue twisters, especially at the 1:46 mark... WOW! NICE JOB

@drmayojr 2 жыл бұрын

Great video... the question on a lot of the DIB's mind revolves around export controlled data... I have a friend who works in a DIB company. His contention is that all export controlled data is CUI because it is on the CUI Registry. I don't think that is true. There is a lot of export controlled data that has nothing to do with a Defense or Government contract. For instance, up until a few years ago, the latest versions of the Windows operating system was export controlled... But, your version on your machine, not in the DIB mind you, should not have been considered CUI and therefore was not under the control of FAR/DFARS/NIST 800-171/CMMC... If data is export controlled, but is not created by, for or on behalf of the federal government, it is not CUI, I believe, based on the definition of CUI in 32 CFR ...2002.4 (h) Controlled Unclassified Information (CUI) is information ***THE GOVERNMENT CREATES OR POSSESSES, OR THAT AN ENTITY CREATES OR POSSESSES FOR OR ON BEHALF OF THE GOVERNMENT***, that a law, regulation, or Government-wide policy requires or permits an agency to handle using safeguarding or dissemination controls. Emphasis is mine above.... If {{{THE GOVERNMENT CREATES OR POSSESSES, OR THAT AN ENTITY CREATES OR POSSESSES FOR OR ON BEHALF OF THE GOVERNMENT}}} is not true, then the data is not CUI... What are your thoughts?

@toddstanton10 2 жыл бұрын

I would agree with your conclusion that export controlled information qualifies to be CUI but if it was not created by the Government or on behalf of the Government then it does not meet the definition of CUI. The same would hold true for any information that meets any of the CUI categories, such as PII. If the information is not created or possessed by the Government or a contractor operating on behalf of the Government, then it would not be considered CUI.

@kinnion Жыл бұрын

To confirm: If as the originator, I mark CUI, the integrity of the marking will remain regardless of who or how many many times the message is distributed (e.g., replies, forwards)? And what about mobile devices? Will the messages be accessible and still marked appropriately? Thanks for any help.

@christopheredwards5589 Жыл бұрын

If you have O365 GCC High Labels can be applied on a document will stay on the document unless conditionally specified. Also, The office applications on mobile devices can be containerized to protect CUI... but the native email application (Google or Iphone) aren't capable of limiting distribution of CUI.