The Controlled Unclassified Information (CUI) program standardizes the way all U.S. government agencies and military entities handle unclassified information that requires safeguarding. It clarifies and limits what kinds of information to protect, defines what is meant by “safeguard,” reinforces existing legislation and regulations, and promotes authorized information-sharing. These security controls must be implemented not only by federal agencies but also at both the contractor and subcontractor levels as well.
While it is critical to set standardized controls for the way information is handled, the process of implementing CUI markings across agency data is complex, time-consuming, and often unclear; with some 240 CUI markings with complex rules for how to apply them.
In addition to the sheer number of markings that organizations must understand, the National Archives and Records Administration (NARA) has published detailed guidelines on how the markings should be formatted on the page. Banner markings must include CUI markings for every category of information contained in the document as well as markings that dictate dissemination and release protocols. Markings must also appear in a certain order, and some have corresponding information that must be included as a footer to the document with additional legalese, contact information, and other details. Similar rules exist for emails as well.
With so many categories and such complex guidelines to keep track of, human error can be an issue. It’s easy for a user to miss sensitive content, such as a person’s name or health data, within a document and fail to mark for that information. Maybe a user does not realize that certain information should be limited to U.S and Canadian recipients only. By not marking the Dissemination portion of the document correctly, the document could accidentally be shared with unauthorized people and organizations.
Fortra's Data Classification Suite Config for CUI delivers a data protection solution to enable government agencies and third-party contractors to automatically apply consistent CUI markings that comply with all regulations to appropriately safeguard sensitive government information.
Preconfigured policies streamline the process for both email and documents, making it easy for users to implement the CUI framework accurately and consistently. The policies developed by our data protection and compliance specialists have been built with a nuanced understanding of the markings and are brought to life by the industry’s most advanced and flexible policy engine to reduce the complexity involved with CUI compliance in the following ways:
- Automatically apply CUI markings: Once configured for your organization, the DCS policy engine scans for sensitive data upon save or send and applies the appropriate Banner and Portion markings automatically, without user intervention.
- Apply the full list of CUI categories and subcategories: The configurations available in DCS Config for CUI include all 240 CUI categories, including both Basic and Specified controls. The policies created by DCS can differentiate between these different types of data and apply the appropriate markings and information handling policies.
Even though a particular agency may only use a few CUI categories internally, support for the broader range of CUI categories will more easily facilitate information exchange across governmental departments. Fortra's Data Classification Suite policies can be customized to support the markings required by existing workflows while also supporting categorization of data in a mixed Classified and Unclassified environment.
Follow formatting guidelines: The CUI Marking Handbook, published by NARA, outlines how CUI markings should visually appear in documents and emails. Fortra's Data Classification Suite has worked closely with NARA to incorporate the CUI categories and marking guidelines into the DCS Config for CUI, including all the nuances of how the markings should appear on the page. DCS also tracks CUI designations that require additional information to appear in the footer of a document and automatically applies that as well.
Manually tailor Banner and Portion markings: The DCS interface allows users to manually apply Banner and Portion CUI markings or override any automated markings when necessary. The user experience within these features can be customized for specific user groups or entire agencies. Users can further customize CUI markings via the toolbar commands to depart from default policy settings or to include additional information as needed, such as:
- Designator agency and contact information
- Decontrol dates
- Redaction parameters for specified information
- Clearance checking
- Automated encryption
- Navigate CUI complexities with confidence: If a user introduces an error when manually selecting Banner or Portion markings, the DCS solution will detect the problem, halt the send or save, and alert the user.
- Keep data secure: Correct CUI markings ensure that data stays within the approved domain and is viewed only by the appropriate audience. Distribution is controlled by the Dissemination Controls either selected by the user or applied automatically through DCS’ complex policy configuration.
The Fortra's Data Classification Suite policy engine also helps you optimize your other security solutions to protect CUI as well. Working in the background, DCS metadata makes it easier for data loss prevention (DLP) and encryption technologies, network guards, archiving solutions, and other security solutions to recognize sensitive government information and apply the appropriate controls.
Easy, Accurate, Secure
DCS Config for CUI makes it easy for federal agency employees, contractors, and vendors to apply CUI markings accurately and consistently across departments. Users are empowered to engage with and share information confidently for increased collaboration and greater productivity. The ability to share information securely also promotes government transparency while protecting sensitive government information.