What is classified and unclassified information?

Controlled Unclassified Information

What is CUI?

CUI is government created or owned information that requires safeguarding or dissemination controls consistent with applicable laws, regulations and government wide policies.

CUI is not classified information. It is not corporate intellectual property unless created for or included in requirements related to a government contract.

Why is it important?

Because there are fewer controls over CUI as compared to classified information, CUI is the path of least resistance for adversaries. Loss of aggregated CUI is the one of the most significant risks to national security, directly affecting lethality of our warfighters. 

How is CUI management changing?

In March 2020, DoD Instruction 5200.48 directed DCSA with eight responsibilities related to CUI. During the first half of 2021, DCSA developed an implementation plan to execute these responsibilities and will be utilizing a phased approach to operationalize its CUI responsibilities beginning October 1, 2021. 

What is the current status of the DCSA CUI Oversight Mission?

•DCSA is not currently conducting any oversight of CUI associated with classified contracts/cleared contractors at this time and during Phase 1, DCSA will not assess contractor compliance with contractually established CUI system requirements in DoD classified contracts associated with the National Industrial Security Program.

•DCSA will instead focus on preparing and executing program administration activities, which includes developing processes and procedures, engaging with Government and Industry stakeholders, and producing tools, training, and resources to support Industry’s development, management, and sustainment of CUI programs within their contractor facilities.

•The DCSA CUI Program Office is managed by the Enterprise Security Operations office within the Critical Technology Protection mission area at DCSA.

•DCSA will continue to keep both Government and Industry informed as program implementation matures.

CUI Implementation: Phase 1

On October 1, DCSA began operationalizing its eight CUI responsibilities using a phased approach and will be in initial operating capability throughout the duration of Fiscal Year 2022 (FY22). This first phase will begin with the standup of a centralized program administration office (hereafter referred to as the DCSA CUI Program Office) which will begin executing several administrative functions, which includes developing processes and procedures, engaging with Government and Industry stakeholders, and producing tools, training, and resources to support Industry’s development, management, and sustainment of CUI programs within their contractor facilities.

DCSA will also develop unauthorized disclosure and threat notification processes in accordance with two of its eight responsibilities. As processes are developed, information will be provided to Government and Industry partners on how to report both unauthorized disclosures of, and threats to, CUI. Effective October 1, 2021, and until formalized processes in place, Government and Industry partners should notify, via encrypted email, the DCSA CUI Program Office mailbox at for any instances involving unauthorized disclosures of, or threats to, CUI.

DCSA will not assess contractor compliance with contractually established CUI system requirements in DoD classified contracts associated with the National Industrial Security Program during Phase 1. Instead, the DCSA CUI Program Office will develop and disseminate a number of tools and resources to support industry’s self-management and attestation of CUI programs resident at their locations.

DCSA will not assess contractor compliance with contractually established CUI system requirements in DoD classified contracts associated with the National Industrial Security Program during Phase 1. Instead, the DCSA CUI Program Office will develop and disseminate a number of tools and resources to support industry’s self-management and attestation of CUI programs resident at their locations.

As resources are finalized and approved for release, they will be posted to this page.

What can Industry do now?

Review and become familiar with the two CUI registry resources that provide government approved CUI categories and organizational index groupings:

Continue to review existing contracts and engage with Government customers to determine which, if any, CUI requirements are applicable to current contracts.

• Discuss the results of these engagements with your DCSA Industrial Security Representative.

• Complete CUI training when required by Government customers.

• Review CUI resources available on this page and training available on the CDSE website.

"Review the DCSA CUI Quick Start Guide for Industry for more information and monitor this page for new resources"

DCSA Program Office tools and resources identified to assist with the development of a successful CUI program for DOD and Industry

What is meant by classified information?

What are the 3 types of classified information?

What is the difference between CUI and classified information?

What is the difference between classified and confidential?