UUI vs CUI vs Confidential vs Secret vs Top Secret

Executive Orders (EO) 12356 and 13526 established the foundation for what "classified" data is. EO 13556 established the foundation for Controlled Unclassified Information (CUI).

unclassified vs classified - UUI vs CUI vs confidential vs secret vs top secret

Unclassified Data

There are two (2) types of Unclassified data from the US Government's perspective:

Classified Data

There are three (3) types of Classified data from the US Government's perspective:

A common question is “What is Controlled Unclassified Information (CUI)?”

ANSWER: Controlled Unclassified Information (CUI) is difficult to provide a simple answer to. The authoritative source that defines CUI is the US National Archives with the CUI Registry. However, for most businesses that have to address NIST 800-171 and/or Cybersecurity Maturity Model Certification (CMMC), the focus is on a subset of CUI, Controlled Technical Information (CTI). "Technical Information" means technical data or computer software. Examples of technical information include:

Understanding Requirements For CUI

The best place to start is with understanding Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012, since that establishes the definitions and need to protect CUI.

For Official Use Only (FOUO) & Sensitive But Unclassified (SBU)

There are two (2) legacy data types that are replaced by CUI:

Per US Government guidance, "legacy documents" do not need to be remarked until and unless the information is re-used, restated, or paraphrased. When new documents are derived from legacy documents, they must follow the new CUI marking standards.

There are no products listed under this category.