The IT Law Wiki


Controlled unclassified information is

[a] categorical designation that refers to unclassified information that does not meet the standards for National Security Classification under Executive Order 12958, as amended, but is (i) pertinent to the national interests of the United States or to the important interests of entities outside the federal government, and (ii) under law or policy requires protection from unauthorized disclosure, special handling safeguards, or prescribed limits on exchange or dissemination.[1]
requires the application of controls and protective measures, for a variety of reasons (that is, sensitive but unclassified, or for official use only), not to include those that qualify for formal classification.[2]
categories of unclassified information that require controls that protect it from public release, both to safeguard the civil liberties and legal rights of U.S. citizens, and to deny information advantage to those who threaten the security of the nation.[3]


"The CUI marking replaces multiple Sensitive But Unclassified (SBU) categories with a uniform designation, while the framework specifies the requirements for designating, marking, safeguarding, and disseminating information designated as CUI. The CUI marking and framework will standardize the manner in which the intelligence and law enforcement communities store, manage, and share sensitive but unclassified information."[4]


  1. NIST Special Publication 800-53, Rev. 4, App. B, Glossary; Designation and Sharing of Controlled Unclassified Information (CUI) §3(a).
  2. FMI 2-22.9, at 2-1.
  3. Information Sharing Environment Implementation Plan, App. 4, at 149.
  4. FBI, National Information Sharing Strategy 2011 (2011) (full-text).

See also[]