Controlled Unclassified Information
Nov 9, 2010
Signed by: Barack Obama
Signed on: Nov 4, 2010
Published on: Nov 9, 2010
Nov 9, 2010
Signed by: Barack Obama
Signed on: Nov 4, 2010
Published on: Nov 9, 2010
Summary
Establishes one clear, government-wide system for marking and handling sensitive but unclassified information to improve sharing and security.
What problem does this solve?
Government agencies used many different, confusing rules to protect sensitive information, which made it hard to share information securely and efficiently. This order solves the problem by creating one standard program for all agencies to follow when handling this type of information.
What does this order do?
Creates a uniform CUI program
Establishes a single, government-wide program for managing unclassified information that needs protection, replacing inconsistent agency-specific policies.
Appoints the National Archives as Executive Agent
Designates the National Archives and Records Administration (NARA) as the Executive Agent responsible for implementing the order and ensuring agency compliance.
Establishes a public CUI registry
Directs the Executive Agent to create and maintain a public registry of all authorized CUI categories, markings, and handling procedures within one year.
Requires agencies to review information policies
Mandates that all executive agencies review their current methods for controlling unclassified information and propose new categories for the CUI program within 180 days.
Discourages over-designation of sensitive information
States that if there is significant doubt about whether information should be designated as CUI, it should not be labeled as such.
Who does this affect?
- Federal government agencies and employees
- State, local, and tribal governments
- Private sector partners
What is the real world impact?
•
Improves government efficiency and information sharing
Replaces a confusing mix of agency-specific rules with a single, clear system. This makes it easier for government employees to know how to handle sensitive information and share it with the right people.
•
Strengthens national security
Creates clear, consistent rules for protecting sensitive but unclassified data, reducing the risk of leaks or improper handling of information related to privacy, security, or law enforcement.
When does this start?
This order sets several deadlines for agencies and the Executive Agent to establish the new information management program.
Agency review of current policies
Within 180 days (by May 3, 2011), agency heads must review their current information control policies and submit proposed CUI categories to the Executive Agent.
Issuance of initial directives
Within 180 days (by May 3, 2011), the Executive Agent must issue the first set of directives for implementing the CUI program.
Creation of public CUI registry
Within one year (by November 4, 2011), the Executive Agent must establish a public registry of all authorized CUI categories and procedures.
Agency compliance plan submission
Within 180 days after the Executive Agent issues initial policies, each agency must submit a plan for how it will comply with the new CUI program.
Regular status reports
The Executive Agent must publish a report on the status of agency implementation every year for the first five years, and every two years after that.