Back

Understanding Types of CUI

What is CUIThe Controlled Unclassified Information CUI program was established by Executive Order 13556httpsobamawhitehousearchivesgo...

4 min read
Published on Feb 9, 2021
Understanding Types of CUI

What is CUI

The Controlled Unclassified Information (CUI) program was established by Executive Order 13556 on November 4, 2010, and standardized the way the executive branch handles unclassified information that requires safeguarding. Prior to the CUI program, departments and agencies of the Executive Branch used agency-specific and ad hoc policies, which led to confusing and inconstant protection and or restrictive dissemination policies that created impediments to authorized information sharing. The executive order names the National Archives and Records Administration (NARA) to implement and oversee agency actions to comply with the order. Part of the executive order required NARA to establish a public CUI register, that reflects the categories and sub categories of CUI.

The Definition of CUI

CUI is defined as “Information the Government creates or possesses or that an entity creates or possess for or on behalf of the Government, that a law, regulation, or Government-wide policy requires or permits and agency to handle using safeguarding or dissemination controls.”  To learn more about these controls, read our blog on DFARS in Microsoft 365

CUI does not include classified information defined in Executive Order 13526, Classified National Security Information, or information covered by the Atomic Energy Act 

Marking CUI

CUI doesn’t just magically appear with markings. As CUI can be created by the government OR those doing business with it, it is common for defense contractors to create new CUI in the process of delivering on their contracts. “The authorized holder of a document or material is responsible for determining, at the time of creation, whether the information falls into a CUI category. If so, the authorized holder is responsible for applying CUI markings and dissemination instructions accordingly. Each organization within DoD may generate specific guidance.” The first step to managing CUI is properly marking information that requires safeguarding or dissemination controls. The primary reference for correct marking of CUI is The CUI Marking Handbook.

Limited Dissemination Control Markings

In addition to general CUI categories and specifications, CUI can also be marked with limited dissemination controls. Information can be marked with mutiple limited dissemination controls by separating them with a single forward slash.

  • NOFORN - No Foreign Dissemination
  • FED ONLY - Federal Employees Only
  • FEDCON - Federal Employees and Contractors Only
  • NOCON - No dissemination to contractors
  • DL ONLY - Dissemination list controlled
  • REL TO - Authorized for release to certain nationals only (Ex: REL TO USA)
  • DISPLAY ONLY  - Disclosure allowed to a foreign recipient with providing a copy
  • Attorney Client - Protected by attorney client privilege
  • Attorney Work Product - Dissemination prohibited unless specifically permitted by overseeing attorney

Categories and Organization of CUI

NARA established the CUI Public Registry at archives.gov/cui which includes information on properly marking CUI, references for the safeguarding or Dissemination authority for each type of CUI. The CUI registry navigation is a bit cumbersome, so we have taken the time to put the index below together with direct links to the Archive.Gov documentation

Organizational Index Groups

Types of Critical Infrastructure CUI

Types of Defense CUI

Types of Export Control CUI

Types of Financial CUI

Types of Intelligence CUI

Types of International Agreements CUI

Types of Law Enforcement CUI

Types of Legal CUI

Types of Natural and Cultural Resources CUI

Types of North Atlantic Treaty Organization (NATO) CUI

Types of Nuclear CUI

Types of Patent CUI

Types of Privacy CUI

Types of Procurement and Acquisition CUI

Types of Proprietary Business Information CUI

Types of Provisional CUI

Types of Statistical CUI

Types of Tax Information CUI

Types of Transportation CUI

This post has matured and its content may no longer be relevant beyond historical reference. To see the most current information on a given topic, click on the associated category or tag.

Related Posts

Top CMMC Assessment Checklist Resources

Top 7 CMMC Assessment Checklist Resources

Explore the top CMMC assessment checklist resources to prepare for compliance. Learn what tools, templates, and guides can streamline your certification journey.

Aug 28, 2025
6 min read
Cloud Backup Solutions for Microsoft 365 | Benefits & Protection

Benefits of Implementing Cloud Backup Solutions for Microsoft 365

Learn the key benefits of cloud backup for Microsoft 365, including enhanced data protection, compliance support, and recovery from cyber threats.

Aug 27, 2025
6 min read
CMMC Level 3 Security Controls: Understanding NIST 800-172

Understanding NIST 800-172 Enhanced Security Controls for CMMC Level 3

Learn how NIST 800-172 enhances CMMC Level 3 compliance with advanced security controls for protecting CUI against sophisticated cyber threats.

Aug 27, 2025
7 min read
Standard Form SF-XX: A Contractor’s Guide to FAR Compliance

Standard Form SF-XX in FAR Contracts: What Contractors Need to Know

Understand the role of Standard Form SF-XX in FAR contracts. Learn how to complete it, key compliance requirements, and why it matters for government contractors.

Aug 25, 2025
6 min read
Why Hire an MSP to Manage CUI Compliance

Why Hire an MSP to Manage CUI Compliance?

Discover how hiring an MSP to manage CUI compliance streamlines security, meets DFARS and NIST 800-171 requirements, and reduces internal IT burden.

Aug 23, 2025
9 min read
What is FAR CUI and How Does It Affect Contractors?

The FAR CUI: What It Means for Contractors and How to Stay Compliant

Learn about the FAR CUI, its security requirements, and how it impacts federal contractors. Understand the key compliance measures and steps to align with Federal Acquisition Regulation (FAR) guidelines.

Aug 22, 2025
8 min read

Ready to Secure and Defend Your Data
So Your Business Can Thrive?

Fill out the form to see how we can protect your data and help your business grow.

Loading...
Secure. Defend. Thrive.

Let's start a conversation

Discover more about Agile IT's range of services by reaching out.

Don't want to wait for us to get back to you?

Schedule a Free Consultation

Location

Agile IT Headquarters
4660 La Jolla Village Drive #100
San Diego, CA 92122

Secure. Defend. Thrive.

Don't want to wait for us to get back to you?

Discover more about Agile IT's range of services by reaching out

Schedule a Free Consultation