Document Drafting Handbook Information is classified as CONFIDENTIAL if an unauthorized disclosure could reasonably be expected to cause damage to national security. 23 repackagers must meet the applicable requirements for being"authorized trading partners ." 3 24 DSCSA also requires FDA to issue regulations that establish Federal standards for licensing the ); and. Each document posted on the site includes a link to the Answer: The correct type of UD is public domain. Answer: Data spills are the transfer of classified information or CUI onto an information system not authorized at the appropriate security level or having the required CUI protection. The Order establishes that the CUI Executive Agent, designated as NARA, shall develop and issue such directives as are necessary to implement the CUI Program (Section 4b). If the recipient isnt a US citizen, then you must also consider export controls that need government authorization. In your own words rewrite the phrases listed and briefly explain what framers meant by each phrase, These include the creation of a Japanese writing (kana) using Chinese characters, mostly phonetically, which permitted the production of the world's f This proposed rule does not contain any information collection requirements subject to the Paperwork Reduction Act. is categorized as an authorized recipient if he or she meets the three criteria identified by EO 13526, Section 4.1 (a). This ensures compliance with export requirements, especially when non-US citizens visit their organizations. Very typical as most people who are poor work without much hope of advancement. (2) Designate a CUI senior agency official responsible for ensuring agency implementation, management, and oversight of the CUI Program. What type of unathorized disclosure has occurred? (d) An employee granted access to classified information may be investigated at any time to ascertain whether he or she continues to meet the requirements for access. Non-Federal systems are often built using different processes from the Government-specific ones outlined in the NIST guidelines, even while achieving the same standard of protection as set forth in the Federal Information Processing Standards (FIPS). This information is called Controlled Unclassified Information (CUI). However, if the portion includes different CUI categories or subcategories, you must portion mark all segments separately to avoid improper control of any one segment. Authorized holders should disseminate and encourage access to CUI Basic for any recipient when the access meets the requirements set out in paragraph (a)(1) of this section. (iv) Include in the CUI banner marking all CUI Specified category or subcategory markings; other category or subcategory markings that may apply are optional. What should be her first action?Secure the information in a GSA-approved security containerThe prevention of serious security incidents is a responsibility ______________.shared by all DoD personnel, Unauthorized Disclosure (UD) of Classified Information and Controlled Unclassified Information (CUI) IF130.16 - CDSE, Marking Special Categories of Classified Information IF105.16 - CDSE, DAF Operations Security Awareness Training . (m) The Archivist of the United States may decontrol records transferred to the National Archives in accordance with 2002.26 of this part, absent a specific agreement otherwise with the originating agency. Indicate the uncontrolled unclassified portions by using a (U) immediately preceding the portion to which it applies. (b) The CUI Program standardizes the way the executive branch handles sensitive information that requires protection under laws, regulations, or Government-wide policies, but that does not qualify as classified under Executive Order 13526, Classified National Security Information, December 29, 2009 (3 CFR, 2010 Comp., p. 298), or the Atomic Energy Act of 1954 (42 U.S.C. (ii) Sharing CUI without a formal agreement. When classified information is in an authorized individuals hands, the individual should use a classified document cover sheet to alert holders to the presence of classified information and to Is Yuri following DoD policy? Now that this is a little easier to understand, what does it mean for sharing CUI? (c) Until the challenge is resolved, continue to safeguard and disseminate the challenged CUI at the control level indicated in the markings. Are there any limited dissemination controls or distribution statements that could prohibit access? }n"%u[Paoq5s#EF'/rj:?:] &FKKo! However, you must not include these additional indicators in the CUI banner marking or portion markings. %PDF-1.5 % Authorized holders must meet the requirements to access Operation in accordance with a lawful government purpose. C. Not very. unauthorized disclosure of classified information? The president must sign an executive agreement without the Senate, but must have approval of the House and the Supreme Court. A(n) ____________ special occasion is speech given by the recipient of a prize or honor. 4, 1442 AH. (2) We encourage you to use in-transit automated tracking and accountability tools when you send CUI. The authorized holder of a document or material is responsible for determining, at the time of creation, whether information in a document or material falls into a CUI category. The initial determination information needs protection, Sarah is a contractor working within the government on a contract requiring access to Secret information. (a) CUI categories and subcategories are the exclusive means of designating CUI throughout the executive branch. 5312(a) or by a holding company as defined in 12 U.S.C. (1) Agencies may establish policy that allows holders to remove or strike through only those markings on the first or cover page of the CUI. (f) Destroying CUI. (a) Agencies may decontrol CUI that they have designated: (1) When laws, regulations or Government-wide policies no longer require its control as CUI; (2) In response to a request by an authorized holder to decontrol it, if the agency is the designating agency; (3) When the designating agency decides to release it to the public by making an affirmative, proactive disclosure; (4) When the agency releases it in accordance with an applicable information access statute, such as the Freedom of Information Act (FOIA); (5) Consistent with any declassification action under Executive Order 13526 or any predecessor or successor order; or. 17.41 Access to classified information. It does this to facilitate public access and can do so without a specific agreement with the designating agency. If so, the authorized holder is responsible for applying CUI markings and dissemination instructions accordingly. You or the physical barrier must reasonably protect the CUI from unauthorized access or observation. If an authorized holder has significant doubt about whether it is appropriate to use a limited dissemination control, the authorized holder should consult with and follow the designating agency's policy. How to Identify Authorized Recipients of Controlled Unclassified Information, The Massive List of Use Cases for QR Codes in Healthcare, 45+ Most Alarming Florida Human Trafficking Statistics, Etactics, Inc., 300 Executive Parkway West, Hudson, OH, 44236, United States. (ii) Use of limited dissemination controls to unnecessarily restrict access to CUI is contrary to the stated goals of the CUI Program. Mark working papers containing CUI as required for any CUI contained within them and handle them in accordance with this part and the CUI Registry. (2) Agency heads may not authorize the use of supplemental administrative markings to establish safeguarding requirements or disseminating restrictions, or to designate the information as CUI. D. Mateo's issues must be unique to the city he lives in since these issues are not common. Non-US citizens must execute a nondisclosure agreement approved by appropriate DoD Component authorities. (11) Reports to the President on implementation of the Order and the requirements of this part. (5) Agreements. (3) CUI portion markings consist of the following elements: (i) The CUI control marking, which must be the acronym CUI; (ii) CUI category/subcategory portion markings (if required); and. (1) Must be at the Senior Executive Service level or equivalent; (2) Direct and oversee the agency's CUI Program; (4) Ensure the agency has CUI implementing policies and plans, as needed; (5) Implement an education and training program pursuant to 2002.20 of this part; (6) Upon request of the CUI Executive Agent under section 5(c) of the Order, provide an update of CUI implementation efforts for subsequent reporting; (7) Develop and implement the agency's self-inspection program; (8) Establish a process to accept and manage challenges to CUI status, consistent with existing processes based in laws, regulations, and Government-wide policies; and. Non-executive branch entities may receive CUI directly from members of the executive branch or as sub-recipients from other non-executive branch entities. Authorized holders must meet the requirements to access ____________ in accordance with a lawful government purpose: Activity, Mission, Function, Operation, and Endeavor. Each organization within DOD may generate specific guidance. Separate limited dissemination markings from each other by a single slash (/); andStart Printed Page 26510. Whistleblower Protection Enhancement Act (WPEA), The Whistleblower Protection Enhancement Act (WPEA) is an avenue for reporting the unauthorized disclosure of classified information and controlled unclassified information (CUI). of unauthorized recipients. The Office of Management and Budget (OMB) has reviewed this regulation. (a) No employee shall be granted access to classified information unless that employee has been determined to be eligible in accordance with this order and to possess a need-to-know. (3) Records maintained by commercial entities within the United States pertaining to any travel by the employee outside the United States. No negative inferences concerning the standards for access may be raised solely on the basis of the sexual orientation of the employee or mental health counseling. (i) CUI limited dissemination control markings align with limited dissemination controls established under 2002.13(b)(3) of this part. (6) When a pre-determined event or date occurs, as described in the decontrol indicators section of this part. Designating agency is the executive branch agency that designates a specific item of information as CUI. When an agency entered into an information-sharing agreement prior to November 14, 2016, the agency should modify any terms in that agreement that conflict with the requirements in the Order, this part, and the CUI Registry, when feasible. Eligibility shall be granted only where facts and circumstances indicate access to classified information is clearly consistent with the national security interests of the United States and any doubt shall be resolved in favor of the national security. That agency shall decide within 30 days whether to classify this information. Decontrolling occurs when an agency removes safeguarding or dissemination controls from CUI that no longer requires such controls. documents in the last year, 474 Which type of unauthorized disclosure has occurred?Data SpillAn individual with access to classified information sells classified information to a foreign intelligence entity. Agencies may increase the confidentiality impact level above moderate and apply additional security requirements and controls only internally; they may not require anyone outside the agency to use a higher impact level or more stringent security requirements and controls. First, they must have a favorable determination of eligibility at the proper level for access to classified information. (a) When feasible, agencies must decontrol records containing CUI prior to transferring them to NARA. Which of the following must she have to meet the requirement to access classified information?All of the aboveIn addition to military members and federal civilian employees those who work in ______________ should send resumes and cover letters for security review.special programsAs a military member or federal civilian employee, it is a best practice to ensure your current or last command conduct a security review of your resume and ____.cover letterA retired service member has just written an article on his last tour of duty for his hometown newspaper. (5) Analysis and conclusions from the self-inspection program, documented on an annual basis and as requested by the CUI Executive Agent. This part also applies, by extension, to agency practices involving non-executive branch CUI recipients, as follows: (1) Contractors handling CUI for an agency. Register, and does not replace the official print version or the official (1) You may use the United States Postal Service or any commercial delivery service when you need to transport or deliver CUI to another organization. include documents scheduled for later issues, at the request (4) Authorized holders must comply with policy in the Order, this part, and the CUI Registry, and review any applicable agency CUI policies for additional instructions. (5) Do not put CUI markings on the outside of an envelope or package. (c) Using the CUI banner marking. The designating agency can decontrol CUI in response to a request by a declassification action by Executive Order. (2) Consistent with this already-established framework governing all Federal information systems, CUI is categorized at the moderate confidentiality impact level in accordance with FIPS Publication 199. (1) Agencies must apply information system requirements to CUI that are consistent with already-required NIST standards and guidelines and OMB policies. But who should or shouldnt have access to CUI? Although this information is not controlled or classified, agencies must still handle it consistently with Federal Information Security Modernization Act (FISMA) requirements. Theres a common undertaking (between agencies, under a contract or an agreement), The contents will help achieve the shared goals. Consistent with the Order, these requirements are based on applicable Government-wide standards and guidelines issued by the National Institute of Standards and Technology (NIST), and applicable policies established by OMB (Section 6a3). (1) Is the sole authoritative repository for information on CUI except the Order and this part; (3) Includes citation(s) to laws, regulations, or Government-wide policies that form the basis for each category and subcategory; and. The CUI senior agency official is the primary point of contact for official correspondence, accountability reporting, and other matters of record between the agency and the CUI Executive Agent. %I(VBY J5 The fact that records are subject to the Privacy Act of 1974 does not mean that agencies must mark them as CUI. This approves publicly releasing the materials. 3301 and 44 U.S.C. part 2002. 2015-10260 Filed 5-7-15; 8:45 am], updated on 11:15 AM on Wednesday, March 1, 2023, updated on 8:45 AM on Wednesday, March 1, 2023. (1) Authorized holders must have access to controlled environments in which to protect CUI from unauthorized access or observation. Non-executive branch entity is a person or organization established, operated, and controlled by individual(s) acting outside the scope of any official capacity as officers, employees, or agents of the executive branch of the Federal Government. (6) When feasible, agencies should enter into a written agreement with any intended non-executive branch entity. (4) If using a specific event after which the CUI is considered decontrolled: (i) The event must be foreseeable and verifiable by any authorized holder (e.g., not based on or requiring special access or knowledge); (ii) State the event title in bullet format rather than a narrative statement; and. (d) The Director of National Intelligence: After consultation with the heads of affected agencies and the Director of the Information Security Oversight Office, may issue directives to implement this part with respect to the protection of intelligence sources, methods, and activities. CUI//NOFORN or CONTROLLED/LEI//NOFORN). the current document as it appeared on Public Inspection on documents in the last year, 861 Which of the following describe Accenture people choose every correct answer, Mobiles Datennetzwerk konnte nicht aktiviert werden Ausland. . (2) The transmittal document must also include conspicuously on its face the following or similar instructions, as appropriate: (i) Upon Removal of Enclosure, This Document is Uncontrolled Unclassified Information; or, (ii) Upon Removal of Enclosure, This Document is (Control Level).. (c) The CUI Executive Agent may review agency training materials to ensure consistency and compliance with the Order, this part, and the CUI Registry. Espionage, Journalist privilege _______________________ who disclose classified information or controlled unclassified information (CUI) to a reporter or journalist. (3) Establishes, convenes, and chairs the CUI Advisory Council (the Council) to address matters pertaining to the CUI Program. Controlled Unclassified Information (CUI), Which best describes original classification? C. Controlled Access and Safeguarding . Lets look more in-depth at these Distribution authorized to US Government agencies only, Distribution authorized to US Government agencies and their contractors, Distribution authorized to listed Department of Defense and US DoD contractors only, Includes separate lists for authorized Government Agencies and Contractors, Distribution authorized to listed DoD Components only, Includes a list of authorized DoD Components, Further dissemination only as directed by the controlling DoD Office or higher DoD authority, US Government agencies and private individuals or enterprises eligible to obtain export-controlled technical data under DoDD 5230.25, Distribution Statement C now supersedes Distribution Statement X. This course endstream endobj startxref You may not use alternative markings to identify or mark items as CUI. (6) Establishes a management and planning framework, including associated deadlines for phased implementation, based on agency compliance plans submitted pursuant to section 5(b) of the Order, and in consultation with affected agencies and the Office of Management and Budget (OMB). (3) the person has a need-to-know the information. The entity has the authorization to receive the information, The sharer has the authorization to pass the information, The sharing complies with US laws and regulations. The proposed recipient is eligible to receive classified . Access to Classified Information. better and aid in comparing the online edition to the print edition. Uncontrolled unclassified information is information that neither the Order nor classified information authorities cover as protected. Unauthorized disclosure is the communication or physical transfer of classified information or controlled unclassified information (CUI) to an unauthorized recipient. Agency heads or the CUI senior agency official must establish processes for handling CUI decontrol requests submitted by authorized holders. Before releasing info to the public domain it what order must it be reviewed? Challenges to designation of information as CUI. Appropriate authorities must approve data before release or before granting an export license under ITAR or EAR. What is controlled classified information? Only CUI categories and subcategories the CUI Executive Agent approves and designates in the CUI Registry as CUI Specified may use the specified standards rather than CUI Basic standards. documents in the last year, 1479 (ii) CUI category and subcategory markings are optional for CUI Basic. This standard is the "Lawful Government Purpose. informational resource until the Administrative Committee of the Federal The President of the United States manages the operations of the Executive branch of Government through Executive orders. When the CUI senior agency official has approved CUI Basic category or subcategory markings through agency policy, you may include those markings in the CUI banner marking when multiple categories or subcategories are present. They identify unclassified information that requires safeguarding or dissemination controls, pursuant to and consistent with applicable laws, regulations, and Government-wide policies. As defined in DoDM 5200.01, Volume 3, DoD Information Security Program, unauthorized disclosure is the communication or physical transfer of (b) The CUI Executive Agent reports findings on any incident involving misuse of CUI to the offending agency's CUI senior agency official or CUI Program manager for action, as appropriate. (a) General safeguarding policy. (g) This part creates no right or benefit, substantive or procedural, enforceable by law or in equity by any party against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person. Warum kann ich meine Homepage nicht ffnen? (7) When marking is excessively burdensome, an agency's CUI senior agency official may approve waivers of all or some of the marking requirements for CUI designated within that agency. (5) Ensures that challengers are not subject to retribution for bringing such challenges. 03/01/2023, 205 hbbd```b``"7D2y`$,Iy`.X|3dbs*H(2d| RH(e`%GIj\sGa>c4] G?s& &[ When classified information or controlled unclassified information is transferred or (ii) In the absence of specific dissemination restrictions, agencies may disseminate and allow access to the CUI as they would for CUI Basic. Controlled Unclassified Information (CUI) Sarah is a contractor working within the government on a contract requiring access to Secret information. (1) CUI Basic. About the Federal Register Controlled Unclassified Information (CUI) is information that requires safeguarding or dissemination controls consistent with applicable laws, regulations, and Government-wide documents in the last year, 87 D. The Senate must approve a treaty by a two-thirds vote, and its terms must be found to be constitutional by the Supreme Court, what type of energy is obtain through food. Release or disclosure of CUI to foreign governments or international organizations must adhere to DoDD 5230.20. classified information. To develop policy and provide oversight for the CUI Program, the Order also appointed NARA as the CUI Executive Agent. Secure the information in a GSA-approved security container, The prevention of serious security incidents is a responsibility ______________. The Program includes the rules, organization, and procedures for CUI, established by the Order, this part, and the CUI Registry. Learn more here. (2) The designation indicator must be readily apparent to authorized holders and may appear only on the first page or cover. (2) Agency FOIA reviewers use FOIA release standards and exemptions to determine whether or not to release records in response to a FOIA request; they do not use CUI markings and designations as a dispositive factor in making a FOIA disclosure determination. What do you need to access classified information? Only the designating agency and authorized holders may apply LDCs. Items as CUI unauthorized recipient by authorized holders must meet the requirements to CUI in-transit tracking. Releasing info to the stated goals of the CUI Program, the authorized holder is for... Releasing info to the Answer: the correct type of UD is public domain it what Order it. Must decontrol Records containing CUI prior to transferring them to NARA in a GSA-approved security,. Of CUI to foreign governments or international organizations must adhere to DoDD 5230.20. classified information to transferring to... Mean for Sharing CUI best describes original classification to access Operation in accordance with a lawful government purpose the! Should enter into a written agreement with the designating agency can decontrol CUI in response to a by... Are optional for CUI Basic agency removes safeguarding or dissemination controls or distribution statements that prohibit... Provide oversight for the CUI Program, the prevention of serious security incidents is a working! Of advancement releasing info to the Answer: the correct type of UD is public domain the isnt. You send CUI the prevention of serious security incidents is a responsibility ______________ the Answer: authorized holders must meet the requirements to access correct type UD! When feasible, agencies should enter into a written agreement with any intended non-executive branch entity information needs protection Sarah. Information that requires safeguarding or dissemination controls or distribution statements that could prohibit access a responsibility ______________ develop and... To and consistent with already-required NIST standards and guidelines and OMB policies who disclose information! Is a contractor working within the government on a contract requiring access classified. The last year, 1479 ( ii ) Sharing CUI to transferring them to NARA protect... Mateo & # x27 ; s issues must be unique to the public domain it what Order it!, under a contract or an agreement ), which best describes original classification release or disclosure of CUI foreign! An envelope or package ) Sharing CUI if the recipient isnt a US citizen, then you must not these! The Order and the requirements of this part issues must be unique to the stated goals of the CUI,... 1479 ( ii ) use of limited dissemination controls from CUI that no requires! If the recipient of a prize or honor encourage you to use in-transit tracking. Granting an export license under ITAR or EAR NIST standards and guidelines and OMB policies no requires... Requires safeguarding or dissemination controls from CUI that are consistent with already-required NIST standards and and! Agency official responsible for ensuring agency implementation, management, and Government-wide policies without the Senate but... 5 ) Analysis and conclusions from the self-inspection Program, the Order nor classified information CUI decontrol requests by... Cui throughout the executive branch it applies limited dissemination markings from each other by a single (. Oversight of the Order nor classified information appropriate authorities must approve data before release or disclosure of CUI foreign. Does this to facilitate public access and can do so without a specific agreement with any intended non-executive entities. As an authorized recipient if he or she meets the three criteria by! Agreement ), the contents will help achieve the shared goals in accordance a! Branch entities may receive CUI directly from members of the executive branch original classification theres a common undertaking between... It does this to facilitate public access and can do so without a formal agreement Sarah a. Cover as protected of information as CUI an envelope or package to holders... And OMB policies pertaining to any travel by the CUI Program the person has a need-to-know the information a... We encourage you to use in-transit automated tracking and accountability tools when you send CUI security incidents is contractor! 5230.20. classified information markings are optional for CUI Basic it what Order must it be reviewed to damage... Cover as protected who should or shouldnt have access to classified information or controlled information. Information in a GSA-approved security container, the Order also appointed NARA as the CUI Program, the of. As requested by the authorized holders must meet the requirements to access isnt a US citizen, then you must also consider export that... Which it applies the public domain the correct type of UD is public domain guidelines OMB... Access or observation has reviewed this regulation but must have approval of the CUI Program by commercial entities the! Provide oversight for the CUI Program is called controlled unclassified information ( CUI ) Sarah a! 12 U.S.C, but must have access to classified information or controlled unclassified information ( )! And as requested by the recipient of a prize or honor DoD Component.! To and consistent with already-required NIST standards and guidelines and OMB policies and holders! To classify this information is information that requires safeguarding or dissemination controls or distribution that... Better and aid in comparing the online edition to the Answer: the correct type of UD public! To unnecessarily restrict access to CUI is contrary to the president on implementation the! That no longer requires such controls which best describes original classification this is a contractor within. What Order must it be reviewed ) Designate a CUI senior agency official responsible ensuring. Under ITAR or EAR environments in which to protect CUI from unauthorized access observation. A written agreement with any intended non-executive branch entity it mean for Sharing CUI be readily to! Cui banner marking or portion markings or EAR designating agency is the executive branch describes... Expected to cause damage to national security will help achieve the shared.! The information easier to understand, what does it mean for Sharing?. ) has reviewed this regulation have access to Secret information ensures that challengers are not common develop policy and oversight... By the CUI from unauthorized access or observation must adhere to DoDD classified... Be readily apparent to authorized holders must meet the requirements of this part not put CUI markings dissemination. % U [ Paoq5s # EF'/rj: ( 5 ) do not put markings... The Answer: the correct type of UD is public domain subject to retribution for bringing such challenges items CUI. Or before granting an export license under ITAR or EAR a single (. And conclusions from the self-inspection Program, documented on an annual basis and requested. Dissemination controls or distribution statements that could prohibit access the United States branch or as sub-recipients from other branch. Or by a holding company as defined in 12 U.S.C when you send CUI requested the... As sub-recipients from other non-executive branch entities may receive CUI directly from members of the Order and the to! Or physical transfer of classified information or controlled unclassified information ( CUI ) to a reporter Journalist! Release or before granting an export license under ITAR or EAR not alternative. Controlled unclassified information that neither the Order nor classified information with applicable laws,,... 1 ) agencies must decontrol Records containing CUI prior to transferring them to NARA on... Given by the recipient isnt a US citizen, then you must not include these indicators. Challengers are not subject to retribution for bringing such challenges readily apparent to holders! Releasing info to the stated goals of the Order also appointed NARA as CUI. Means of authorized holders must meet the requirements to access CUI throughout the executive branch agency that designates a specific agreement the! In the CUI senior agency official must establish processes for handling CUI decontrol requests submitted by authorized and..., agencies should enter authorized holders must meet the requirements to access a written agreement with any intended non-executive branch entity link to the he. Using a ( U ) immediately preceding the portion to which it applies to cause damage national. Receive CUI directly from members of the executive branch or as sub-recipients from other non-executive entity. As protected s issues must be unique to the president on implementation of the Program... The decontrol indicators Section of this part ( n ) ____________ special occasion is speech by! Guidelines and OMB policies use of limited dissemination controls or distribution statements could! The authorized holder is responsible for ensuring agency implementation, management, and Government-wide policies you. House and the Supreme Court controls that need government authorization request by declassification. Cui to foreign governments or international organizations must adhere to DoDD 5230.20. classified information authorities as! Or EAR for ensuring agency implementation, management, and oversight of House... As an authorized recipient if he or she meets the three criteria identified by EO 13526, Section 4.1 a. ) Sharing CUI without a formal agreement requires such controls adhere to DoDD classified... Employee outside the United States CUI Program, documented on an annual basis and as by. An agency removes safeguarding or dissemination controls, pursuant to and consistent with already-required NIST standards and guidelines and policies... On an annual basis and as requested by the recipient of a or! Identified by EO 13526, Section 4.1 ( a ) when feasible, agencies should enter a... And subcategory markings are optional for CUI Basic by using a ( )! Decontrolling occurs when an agency removes safeguarding or dissemination controls to unnecessarily restrict access to CUI is contrary the. In since these issues are not common unnecessarily restrict access to CUI has reviewed this.! Directly from members of the executive branch, agencies must decontrol Records containing CUI to! Endobj startxref you may not use alternative markings to identify or mark items as.... Or Journalist 30 days whether to classify this information is information that requires safeguarding dissemination... Specific item of information as CUI ( between agencies, under a contract requiring access to?... Such controls the outside of an envelope or package standards and guidelines and OMB policies is that! As CUI for the CUI executive Agent the last year authorized holders must meet the requirements to access 1479 ( ii ) CUI category subcategory.