CUI briefing II


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

CUI briefing II

  1. 1. Controlled Unclassified Information (CUI) Leslie Bethune Information Security Manager Headquarters U.S. Marine Corps March 2010
  2. 2. Overview Authorities Current Status CUI Criteria Markings Governance Structure National Actions DoD Actions
  3. 3. Authority Section 1016 of the Intelligence Reform Terrorism Prevention Act (IRTPA) of 2004 The President shall: Create an information sharing environment (ISE) designate the organizational and management structures that will be used to operate and manage the ISE ensure that the ISE provides and facilitates the means for sharing terrorism information among all appropriate Federal, State, local, and tribal entities, and the private sector through the use of policy guidelines and technologies.
  4. 4. Authority Guideline 3, Presidential Memorandum, December 16, 2005 “ To promote and enhance the effective and efficient acquisition, access, retention, production, use, management, and sharing of Sensitive But Unclassified (SBU) information, including homeland security information, law enforcement information, and terrorism information, procedures and standards for designating, marking, and handling SBU information (collectively "SBU procedures") must be standardized across the Federal Government.” -Guideline 3, December 16, 2005 Presidential Memorandum
  5. 5. Authority Presidential Memorandum, May 9, 2008, “Designation and Sharing of Controlled Unclassified Information” Replaces the term SBU with CUI Defines CUI “ Unclassified information that does not meet the standard for National Security Classification under Executive Order 12958, as amended, but is pertinent to the national interest of the United States or originated by entities outside the U.S. Federal government, and under law or policy requires protection from disclosure, special handling safeguards, and prescribed limits on exchange or dissemination” -Presidential Memorandum, May 9, 2008, Designation and Sharing of Controlled Unclassified Information
  6. 6. Current Status May 7, 2008 – Presidential Memorandum Established a standardized framework designed to facilitate & enhance the sharing of CUI July 21, 2008 – Joint USD(I) & ASD(NII)/DoD CIO memo Advised components that transition to the CUI Framework would encompass all DoD Systems and programs April 7, 2009 – USD(I) memo Reminded components to adhere to the current DoD guidance for CUI (5200.1R) No new markings for CUI to be used until National and DoD level policy is developed and implemented Feb 1, 2010 – Draft Executive Order Controlled Unclassified Information For review and comment
  7. 7. CUI Criteria Information shall be designated as CUI if: Statute so requires or authorizes; or Agency Head determines that the information is CUI. ( Based on mission requirements, business prudence, legal privilege, the protection of personal or commercial rights, etc .)
  8. 8. CUI Criteria Information shall not be designated as CUI To conceal violations of the law, inefficiency, or administrative error; To prevent embarrassment to the US Government, any US official, organization, or agency; To improperly or unlawfully interfere with competition; To prevent or delay the release of information that does not require such protection; If it is required by statute or Executive Order to be made available to the public; or If it has been released to the public under proper authority.
  9. 9. Markings Current CUI Markings Two safeguarding levels: Controlled or Controlled Enhanced Two dissemination levels: Standard or Specified Overall CUI markings will convey the safeguarding and dissemination levels of the document
  10. 10. Markings All CUI will carry one of the three overall markings… CONTROLLED WITH STANDARD DESSEMINATION CONTROLLED WITH SPECIFIED DISSEMINATION- insert designator(s) CONTROLLED ENHANCED WITH SPECIFIED DISSEMINATION- insert designator(s) (The above are NOT classification markings therefore should not be used for marking classified information)
  11. 11. Governance Structure CUI Governance Structure: CUI Executive Agent – NARA CUI Council – Membership drawn from within the existing Information Sharing Council Departments and Agencies – Responsible for implementing and overseeing compliance with the CUI Framework
  12. 12. National Actions National actions since May 9, 2008 May 21, 2008: Archivist of the United States established the CUI Office June 30, 2008: Director of CUI Office letter to Departments and Agencies introducing the Executive Agent and tentative plans for implementation of the Framework July 9, 2008: PM-ISE activated the CUI Council as a subcommittee of the Information Sharing Council (ISC) and requested designees
  13. 13. National Actions August 2008, CUI Office launched its website at September 2008, CUI EA began developing implementing guidance May 27, 2009, Presidential memo establishing Interagency CUI Task Force Reported to the President on August 26,2009
  14. 14. DoD Actions Participating as a member of the CUI Council OASD(NII)/DoD CIO OUSD(I) Developed a DoD Transition Plan that addresses all DoD CUI Draft Plan located at
  15. 15. CUI Governing Organizations
  16. 16. CUI Training The 2008 President’s memorandum directed an ISE-wide training program CUI Office tasked to develop CUI 101 training for Federal Agencies Provide general information on CUI from the national level Web-based component Classroom based setting Modules tailored to specific users (Record Managers, FOIA Officers, Security Specialist, etc.)
  17. 17. CUI Training ODN(I) developed their version of CUI 101 USD(I) is consulting with DSSA to leverage ODN(I) efforts for the benefit of DoD components USD(I) responsible for developing CUI 201 for DoD components DSSA on board to develop CUI training for DoD
  18. 18. CUI Framework Implementation Timeline Overview (as of 11/17/08) Presidential CUI Memo May 9 NARA CUI Memo May 21 Background CUI Framework May 20 Outreach to Departments & Agencies Jun-Aug Dept Agency Letter Jun 27 CUI Council Letter Jul 9 Updated data call to Departments & Agencies Aug 8 CUIO Brief to ISC Jul 16 Phase Stand-up Initial Outreach Planning Implementation – Phase I Implementation – Phase II Date May 08 Jun Jul Aug Sep 08 Oct Nov Dec 08………Sep 09 Oct 09 Oct 10 Oct 11 Oct 12 FY 08 FY09 FY10 FY 11 FY12 FY 13 CUI Council Initial Meeting Aug 21 CUIC Sep 18 Data call due Sep 8 CUIO Review Data call Updates/ Outreach CUIO at PM- ISE PR Aug 28 CUIC Oct 16 CUIC VM Nov 19 CUIC Dec 4 Guiding Documents CUI Council Meetings Stand-up Outreach Phase Planning Phase Implementation Phase Departments & Agencies Identify reps Every 3 rd Thurs as needed Milestones and Plan Draft Implementing Guidance Safeguarding Dissemination Designating Marking Initiate CUI 101Training Design Registry Review Department & Agency Plans Annual Report Finalize Department & Agency Plans Activate Registry Initiate CUI 201Training Identify and designate CUI Alignment of Policy-based Markings Begin federal rule-making process Annual Report FY09 FY10 Alignment of Policy Markings with Exceptions Alignment of Regulatory Markings Confirm necessary changes to regulation and statute Annual Report FY11 Department & Agencies submit Plans to CUIO Monitor Department & Agency compliance with CUI policy, standards, and markings Evaluate effectiveness of CUI Implementation Policy and Guidance Update Policy and Guidance as necessary Annual Report FY12 – FY 13 Full Implementation of CUI Framework May 2013
  19. 19. Conclusion Major DoD policy documents that will require update are: DoD 5200.1-R , "Information Security Policy“ DoD Directive 5230.24 , "Distribution Statements on Technical Documents“ DoD Instruction 5210.83 , "Department of Defense Unclassified Controlled Nuclear Information (DoD UCNI)“ DoD Instruction 5030.59 , "National Geospatial-Intelligence Agency (NGA) LIMITED DISTRIBUTION Geospatial Information“ (Do NOT implement the national level policy—continue to follow guidance in DoD 5200.1-R)
  20. 20. QUESTIONS?