- Who is responsible for protecting CUI DoD military civilians and contractors?
- What is CUI basic answer?
- How can we protect CUI?
The Department of Defense Instruction (DoDI) 5200.48: Control Unclassified Information is the first step to implement a complex set of phases in protecting CUI. DoDI 5200.48 was issued on 6 March 2020 with some follow-up instruction from department heads.
CUI Basic is the subset of CUI for which the authorizing law, regulation, or government-wide policy does not set out specific handling or dissemination controls. Agencies handle CUI Basic according to the uniform set of controls set forth in DoDI 5200.48 and the DoD CUI Registry.
Level 1 suggests performing basic cyber hygiene practices like installing anti-virus software and regularly changing passwords to safeguard Federal Contract Information (FCI). Level 2 describes an “intermediate level of cyber hygiene” that begins implementing NIST SP 800-171 requirements to secure CUI.