Back

Understanding Types of CUI

What is CUIThe Controlled Unclassified Information CUI program was established by Executive Order 13556httpsobamawhitehousearchivesgo...

4 min read
Published on Feb 9, 2021
Understanding Types of CUI

What is CUI

The Controlled Unclassified Information (CUI) program was established by Executive Order 13556 on November 4, 2010, and standardized the way the executive branch handles unclassified information that requires safeguarding. Prior to the CUI program, departments and agencies of the Executive Branch used agency-specific and ad hoc policies, which led to confusing and inconstant protection and or restrictive dissemination policies that created impediments to authorized information sharing. The executive order names the National Archives and Records Administration (NARA) to implement and oversee agency actions to comply with the order. Part of the executive order required NARA to establish a public CUI register, that reflects the categories and sub categories of CUI.

The Definition of CUI

CUI is defined as “Information the Government creates or possesses or that an entity creates or possess for or on behalf of the Government, that a law, regulation, or Government-wide policy requires or permits and agency to handle using safeguarding or dissemination controls.”  To learn more about these controls, read our blog on DFARS in Microsoft 365

CUI does not include classified information defined in Executive Order 13526, Classified National Security Information, or information covered by the Atomic Energy Act 

Marking CUI

CUI doesn’t just magically appear with markings. As CUI can be created by the government OR those doing business with it, it is common for defense contractors to create new CUI in the process of delivering on their contracts. “The authorized holder of a document or material is responsible for determining, at the time of creation, whether the information falls into a CUI category. If so, the authorized holder is responsible for applying CUI markings and dissemination instructions accordingly. Each organization within DoD may generate specific guidance.” The first step to managing CUI is properly marking information that requires safeguarding or dissemination controls. The primary reference for correct marking of CUI is The CUI Marking Handbook.

Limited Dissemination Control Markings

In addition to general CUI categories and specifications, CUI can also be marked with limited dissemination controls. Information can be marked with mutiple limited dissemination controls by separating them with a single forward slash.

  • NOFORN - No Foreign Dissemination
  • FED ONLY - Federal Employees Only
  • FEDCON - Federal Employees and Contractors Only
  • NOCON - No dissemination to contractors
  • DL ONLY - Dissemination list controlled
  • REL TO - Authorized for release to certain nationals only (Ex: REL TO USA)
  • DISPLAY ONLY  - Disclosure allowed to a foreign recipient with providing a copy
  • Attorney Client - Protected by attorney client privilege
  • Attorney Work Product - Dissemination prohibited unless specifically permitted by overseeing attorney

Categories and Organization of CUI

NARA established the CUI Public Registry at archives.gov/cui which includes information on properly marking CUI, references for the safeguarding or Dissemination authority for each type of CUI. The CUI registry navigation is a bit cumbersome, so we have taken the time to put the index below together with direct links to the Archive.Gov documentation

Organizational Index Groups

Types of Critical Infrastructure CUI

Types of Defense CUI

Types of Export Control CUI

Types of Financial CUI

Types of Intelligence CUI

Types of International Agreements CUI

Types of Law Enforcement CUI

Types of Legal CUI

Types of Natural and Cultural Resources CUI

Types of North Atlantic Treaty Organization (NATO) CUI

Types of Nuclear CUI

Types of Patent CUI

Types of Privacy CUI

Types of Procurement and Acquisition CUI

Types of Proprietary Business Information CUI

Types of Provisional CUI

Types of Statistical CUI

Types of Tax Information CUI

Types of Transportation CUI

This post has matured and its content may no longer be relevant beyond historical reference. To see the most current information on a given topic, click on the associated category or tag.

Related Posts

CMMC Compliance — Understanding the Requirements and Why It's Important

CMMC Compliance — Understanding the Requirements and Why It's Important

CMMC compliance is crucial for protecting Controlled Unclassified Information (CUI) in defense contracts. Learn what CMMC is, its certification levels, and why it matters.

Jul 2, 2025
9 min read
CMMC Certification vs. Self-Assessment What You Need to Know

CMMC Certification and Self-Assessment: What Contractors Need to Know

Not all contractors need a third-party CMMC certification. Find out the differences between CMMC certification and self-assessment and which one applies to your organization.

Jul 1, 2025
7 min read
How Much Does It Cost to Achieve CMMC Compliance?

How Much Does It Cost to Achieve CMMC Compliance and Prepare for Certification?

CMMC compliance costs vary by level and organization size. Get a breakdown of certification expenses, hidden costs, and funding options for meeting CMMC requirements.

Jun 30, 2025
7 min read
Azure Migration Planning A Complete Assessment Checklist for a Successful Transition

Azure Migration Planning A Complete Assessment Checklist for a Successful Transition

A successful Azure migration starts with proper planning. Use this step-by-step assessment checklist to evaluate infrastructure, dependencies, and tools before migrating.

Jun 23, 2025
7 min read
Migrate On-Premises VMs to Azure: Tips, Advice & Best Practices

Migrate On-Premises VMs to Azure: Tips, Advice & Best Practices

Learn how to migrate on-premises VMs to Azure with expert tips and best practices. Optimize your cloud migration strategy for security, performance, and cost efficiency.

Jun 20, 2025
9 min read
Azure Migration vs AWS Migration Key Differences

Comparing Azure Migration and AWS Migration Key Differences in Cloud Strategy

Comparing Azure and AWS for cloud migration? Learn the key differences in pricing, security, tools, and performance to choose the right platform for your business.

Jun 18, 2025
8 min read

Ready to Secure and Defend Your Data
So Your Business Can Thrive?

Fill out the form to see how we can protect your data and help your business grow.

Loading...
Secure. Defend. Thrive.

Let's start a conversation

Discover more about Agile IT's range of services by reaching out.

Don't want to wait for us to get back to you?

Schedule a Free Consultation

Location

Agile IT Headquarters
4660 La Jolla Village Drive #100
San Diego, CA 92122

Secure. Defend. Thrive.

Don't want to wait for us to get back to you?

Discover more about Agile IT's range of services by reaching out

Schedule a Free Consultation