Controlled Unclassified Information (CUI): An Overview.
-
Upload
shanon-farmer -
Category
Documents
-
view
225 -
download
0
Transcript of Controlled Unclassified Information (CUI): An Overview.
Controlled Unclassified Information (CUI):An Overview
2
The Memorandum:
• Adopts, defines, and institutes “Controlled Unclassified Information” (CUI) as the single categorical designation for all information referred to as “Sensitive But Unclassified” (SBU) in the Information Sharing Environment (ISE); and
• Establishes a corresponding new CUI Framework for designating, marking, safeguarding, and disseminating information designated as CUI; and
• Designates the National Archives and Records Administration (NARA) as the Executive Agent, to oversee and implement the new CUI Framework.
On May 9, 2008, the President released the Memorandum for the Heads of Executive Departments and Agencies on the Designation and Sharing of Controlled Unclassified Information.
May 9th Presidential Memorandum
The purpose of the Framework is to standardize practices and thereby improve the sharing of information.
3
The Presidential Memorandum designates NARA as the CUI The Presidential Memorandum designates NARA as the CUI Executive Agent. On May 21, 2008, the Archivist of the United Executive Agent. On May 21, 2008, the Archivist of the United States established the CUI Office within NARA to oversee and States established the CUI Office within NARA to oversee and manage the implementation of the new CUI Framework.manage the implementation of the new CUI Framework.
CUI CUI
Executive AgentExecutive Agent
CUI CUI
Executive AgentExecutive Agent
CUI CUI
CouncilCouncil
CUI CUI
CouncilCouncil
The CUI Council members shall be drawn from within the existing The CUI Council members shall be drawn from within the existing ISC. As appropriate, the CUI Council will consult with the ISC’s ISC. As appropriate, the CUI Council will consult with the ISC’s State, Local, Tribal, and Private Sector Subcommittee. State, Local, Tribal, and Private Sector Subcommittee. Representing the needs and equities of ISE participants, the CUI Representing the needs and equities of ISE participants, the CUI Council will provide advice and recommendations to the Executive Council will provide advice and recommendations to the Executive Agent on ISE-wide CUI policies, procedures, guidelines, and Agent on ISE-wide CUI policies, procedures, guidelines, and standards. The PM-ISE issued guidance establishing the CUI standards. The PM-ISE issued guidance establishing the CUI Council on July 9, 2008. The first CUI Council meeting was held Council on July 9, 2008. The first CUI Council meeting was held on Aug. 21, 2008.on Aug. 21, 2008.
Departments Departments and and
AgenciesAgencies
Departments Departments and and
AgenciesAgencies
Heads of all Federal departments and agencies will be responsible Heads of all Federal departments and agencies will be responsible for implementing the CUI Framework standards for ISE-wide CUI for implementing the CUI Framework standards for ISE-wide CUI policy and ensuring that their departments or agencies comply with policy and ensuring that their departments or agencies comply with the CUI Framework. On June 30, 2008, the Director of the CUI the CUI Framework. On June 30, 2008, the Director of the CUI Office sent a letter to Departments and Agencies with initial Office sent a letter to Departments and Agencies with initial implementing guidance for CUI.implementing guidance for CUI.
CUI Governance Structure
4
The CUI Council will carry out the following functions as directed by the President:• Serve as the primary advisor to the Executive Agent on issues pertaining to the CUI Framework
• Advise the Executive Agent in developing procedures, guidelines, and standards necessary to establish, implement, and maintain the CUI Framework;
• Ensure coordination among the depts. and agencies participating in the CUI Framework; and
• Resolve complaints and disputes among departments and agencies about proper designation or marking of CUI.
The CUI Council
• Department of Commerce• Department of Defense • Director of National Intelligence (IC)• Department of Energy• Federal Bureau of Investigation• Department of Health and Human Services• Joint Staff• Department of Homeland Security• Department of Interior
• Department of Justice
• Office of Management and Budget
• Program Manager for the Information Sharing Environment
• Department of State
• Department of Transportation
• Department of Treasury
• Environmental Protection Agency
• Nuclear Regulatory Commission
• Two SLT members and two private sector members on the CUI Council.
5
Two Private Sector Representatives
Frederick V. Riccardi• Senior Executive Director
Security and Mission AssuranceManTech International Corporation
• National Defense Industrial Association – Chairman Industrial Security Committee 2008-2009
• Nominated by the NISPPAC membership for representation on CUI Council
Turner D. Madden, Esquire• Madden & Patton, LLC• Vice Chairman of the Partnership for Critical Infrastructure and the Co-Chairman of the
Commercial Sector Coordinating Council for the U.S. Department of Homeland Security Elected by the sub-sector chairs in the Commercial Sector
• Nominated by the industry members of the Critical Infrastructure Partnership Advisory Council (CIPAC) for representation on CUI Council
6
CUI Framework Implementation Timeline Overview 08/21/08
PresidentialCUI Memo
May 9
NARACUI Memo
May 21
BackgroundCUI
FrameworkMay 20
Outreach toDepartments& AgenciesJun-Aug
DeptAgencyLetter
Jun 27 CUICouncilLetterJul 9
Updateddata call toDepartments& AgenciesAug 8
CUIOBrief to
ISC Jul 16
Phase Stand-up Initial Outreach Planning Implementation – Phase I Implementation – Phase II
Date May 08 Jun Jul Aug Sep 08 Oct Nov Dec 08………Sep 09 Oct 09 Oct 10 Oct 11 Oct 12 FY 08 FY09 FY10 FY 11 FY12 FY 13
CUICouncilInitialMeetingAug 21
CUICSep 18
Data call due Sep 4
CUIOReview
Data callUpdates/Outreach
CUIOat PM-ISE PRAug 28
CUICOct 16
CUICNov 20
CUICDec 18
Guiding Documents
CUI Council Meetings
Stand-up
Outreach Phase
Planning Phase
Implementation Phase
Departments& AgenciesIdentify reps
Every 3rd
Thurs asneeded
Milestones for ImplementationDraft Implementing Guidance Safeguarding Dissemination Designating MarkingInitiate CUI 101TrainingDesign RegistryReview Department & Agency PlansAnnual Report
Finalize Department & Agency PlansActivate RegistryInitiate CUI 201TrainingIdentify and designate CUI Alignment of Policy-based MarkingsBegin federal rule-making processAnnual Report
FY09 FY10
Alignment of Policy Markings with ExceptionsAlignment of Regulatory MarkingsConfirm necessary changes to regulation and statute Annual Report
FY11
Department &Agencies submitPlans to CUIO
Monitor Department & Agency compliance with CUI policy, standards, and markingsEvaluate effectiveness of CUI Implementation Policy and GuidanceUpdate Policy and Guidance as necessaryAnnual Report
FY12 – FY 13
FullImplementation
of CUI FrameworkMay 2013
7
• Development of Centralized Implementation Plan Set priorities for implementation
Establish milestones for alignment to CUI Framework
Establish training schedule
• Development of Implementation Policies
Define Safeguarding Standards
Define Department and Agency CUI Dissemination Policies
Develop detailed guidance on CUI life cycle, portion marking, and application of CUI Framework to archived information
Establish Centralized CUI Training (“CUI 101”)
• Begin the development of Department- and Agency-specific Implementation Plans
Establish Department- and Agency-specific CUI Training (“CUI 201”)
FY09 Priorities
The intent is to provide departments and agencies the information that they need to plan for implementation and align this implementation with their normal budget cycles.
8
Guiding Principles
Sharing CUI will be shared as broadly as possible.
Protection CUI will be appropriately protected.
RationalizationCUI policy will be developed with deliberate consideration to managing risk and information sharing.
FlexibilityCUI policy development will respond to changes through centralized management and distributed execution.
InclusivenessCUI policy will address the needs of all ISE partners, both users and producers of information, taking into account all media types.
StandardizationCUI policy will be standardized so all participants are governed by uniform definitions and practices.
TransparencyCUI policy will be developed with input by State, local, tribal, and private sector entities and comment by the public.
9
Policy Development Process
• Safeguarding introduced to CUI Council 18 Sep 08 Discussed at five Council sessions
• Working Group formed 25 Sep 08 Strawman language discussed and vetted at three WG sessions
• Draft strawman guidance organized into six general sections:- General Policy - Storage
- Waivers for Exigent Situations - Transmission
- Controls in Use - Destruction
• Draft Interim Guidance briefed at 19 Feb 09 CUI Council• Retained in “draft” status until other focus areas drafted and
vetted through same CUIO process
10
Policy Development – Stage in Process
• CUI Policy is being organized under eight primary focus areas
• Safeguarding
• Dissemination
• Dispute Resolution
• Markings
• Designation
• Life Cycle
• Exceptions
• Penalties/Enforcement
Intro development Draft Final
development Draft
development Draft
development Draft
development Draft
Intro
Intro
Intro
Final
Final
Final
Final
Intro
11
Other Implementation Preparation Activities
• Designation
• Specified Dissemination
• Registry
• Training
• Outreach
12
Contact Information
Controlled Unclassified Information OfficeNational Archives and Records Administration700 Pennsylvania Avenue, N.W., Room 100
Washington, DC 20408-0001
(202) 357-6870 (voice)(202) 357-6871 (fax)[email protected] (email)
www.archives.gov/CUI (website)