Welcome to the Defense Counterintelligence and Security Agency’s Controlled Unclassified Information (CUI) Page. This page is maintained by the CUI Branch, Enterprise Security Operations Division as part of Industrial Security. The mission of the CUI Branch is to assist the Department of Defense in its implementation of the Controlled Unclassified Information Program part of which includes assisting cleared Industry partners with CUI protection requirements associated with classified contracts within the National Industrial Security Program (NISP).
DCSA has several oversight responsibilities that include developing processes and procedures, engaging with Government and Industry stakeholders, and supporting Industry to develop, manage, and comply with contractual CUI protection requirements within contractor facilities. The tools and resources on this page are intended to support our partners as they implement CUI safeguarding practices.
Controlling unclassified information is a government-wide initiative directed by Executive Order 13556 that impacts more than 100 departments and agencies within the Executive branch. Federal departments and agencies are in the process of developing their CUI programs and updating their contracts to include CUI protection and dissemination requirements. Industry may receive contractual requirements at different times from various contracting activities. Industry is encouraged to work with its Government Contracting Activities (GCA) to further understand CUI requirements and implementation timelines.
DCSA will not assess contractor compliance with established CUI system requirements within DoD classified contracts associated with the NISP. Instead, the DCSA CUI Branch will be reviewing contractual requirements and documents as part of the Contractual Requirements Review (CRR). The goal of this assessment is to increase Industry’s understanding of what is within their contract documentation and the flow of CUI safeguarding requirements from the Government Contracting Activities to the prime and sub-contracts.
Industry partners with active DOD contracts or those planning to bid on future contracts must be familiar with CUI requirements and implement a plan to address them.
DCSA’s roles and responsibilities
DoD Instruction 5200.48 assigned DCSA eight responsibilities related to CUI. DCSA’s Industrial Security (IS), Enterprise Security Operations (ESO) Division is leading efforts to oversee the implementation of those responsibilities. DCSA will execute its responsibilities in a deliberate and phased approach over multiple years and will keep industry informed on its progression. DCSA is not currently conducting contractor assessments related to CUI. However, Industry should review existing contracts and engage with GCA to determine which, if any, CUI requirements are applicable to current contracts and the appropriate way forward.
What can Industry do now?
Review your contract. Become familiar with the requirements associated with the FAR & DFARS clauses contained within your contracts and any supplemental information protection guidance. Familiarize yourselves with ethe DoD CUI registry resources that provide government approved CUI categories and organizational index groupings:
DoD CUI Registry
- Continue to review existing contracts and engage with Government customers to determine which, if any, CUI requirements are applicable to current contracts.
- Discuss the results of these engagements with your DCSA Industrial Security Representative.
- Complete CUI training when required by Government customers.
- Review CUI resources available on this page and training available on the CDSE website.
Questions?
This page is routinely updated with news and information related to DCSA’s CUI responsibilities. The DCSA CUI Branch is dedicated to providing up-to-date information, tools, and resources to support the implementation of contractual safeguarding requirements of CUI within the NISP.
Your comments, suggestions, and feedback are welcome at dcsa.quantico.ctp.mbx.eso-cui@mail.mil.