controlled unclassified information (CUI)

A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

Abbreviation(s) and Synonym(s):

CUI

CNSSI 4009-2015

NIST SP 800-12 Rev. 1

NIST SP 800-150

NIST SP 800-160 Vol. 2 Rev. 1

NIST SP 800-160v1r1

NIST SP 800-161r1

NIST SP 800-171 Rev. 2

NIST SP 800-172

NIST SP 800-172A

NIST SP 800-203

NIST SP 800-37 Rev. 2

NIST SP 800-47 Rev. 1

NIST SP 800-53 Rev. 5

NIST SP 800-53A Rev. 5

Definition(s):

  Information that law, regulation, or governmentwide policy requires to have safeguarding or disseminating controls, excluding information that is classified under Executive Order 13526, Classified National Security Information, December 29, 2009, or any predecessor or successor order, or the Atomic Energy Act of 1954, as amended.
Source(s):
NIST SP 800-172 under controlled unclassified information from E.O. 13556
NIST SP 800-171 Rev. 2 under controlled unclassified information from E.O. 13556

  Information that law, regulation, or government-wide policy requires to have safeguarding or disseminating controls, excluding information that is classified under Executive Order 13526, Classified National Security Information, December 29, 2009, or any predecessor or successor order, or the Atomic Energy Act of 1954, as amended.
Source(s):
NIST SP 800-150 under Controlled Unclassified Information

  Information that the Government creates or possesses, or that an entity creates or possesses for or on behalf of the Government, that a law, regulation, or Government-wide policy requires or permits an agency to handle using safeguarding or dissemination controls. However, CUI does not include classified information or information a non-executive branch entity possesses and maintains in its own systems that did not come from, or was not created or possessed by or for, an executive branch agency or an entity acting for an agency.
Source(s):
NIST SP 800-37 Rev. 2 under controlled unclassified information from Title 32 CFR, Part 2002
NIST SP 800-53 Rev. 5 under controlled unclassified information from 32 C.F.R., Sec. 2002

  Information that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and government-wide policies, excluding information that is classified under Executive Order 13526, Classified National Security Information, December 29, 2009, or any predecessor or successor order, or the Atomic Energy Act of 1954, as amended. Note: The CUI categories and subcategories are listed in the CUI Registry, available at www.archives.gov/cui.
Source(s):
CNSSI 4009-2015

  Information that law, regulation, or government-wide policy requires to have safeguarding or disseminating controls, excluding information that is classified under Executive Order 13526, Classified National Security Information, December 29, 2009, or any predecessor or successor order, or the Atomic Energy Act of 1954, as amended.
Source(s):
NIST SP 800-172A under controlled unclassified information from E.O. 13556

Glossary Comments

Comments about specific definitions should be sent to the authors of the linked Source publication. For NIST publications, an email is usually found within the document.

Comments about the glossary's presentation and functionality should be sent to secglossary@nist.gov.

See NISTIR 7298 Rev. 3 for additional details.