Record and nonrecord copies of CUI documents are disposed of in accordance with the USGS retention schedule (refer to SM 431.6). Dissemination via electronic means should be through Government networks and approved electronic information communication technology and tools.į. Access and dissemination of CUI is permitted for lawful Government purposes to authorized users unless otherwise prohibited by law, regulations, Government-wide policies, or USGS policy. When CUI is included in a document that contains any type of classified information, that document is referred to as “commingled.” Commingled documents are subject to CUI and Classified Security restrictions (refer to SM 440.3).Į. Commingling CUI with Classified Information. (4) Must not be in common or public areas.ĭ. (3) Have key control procedures or electronic access devices to limit or control access to areas where CUI is stored, handled, or processed and (2) Have physical barriers including locking doors, overhead bins, drawers, or file cabinets (1) Be capable of showing evidence of tampering or alteration Controlled access for physical records must: This can be accomplished by controlling access to cloud storage, shared drives, file folders, and intranet sites that meet Federal security requirements. In the electronic environment, barriers should exist that ensure only those with a lawful Government purpose have access to controlled information. When not under the direct control of an authorized holder, CUI must be protected with at least one physical or electronic barrier. If so, the authorized holder is responsible for applying CUI markings and dissemination instructions accordingly.Ĭ. The authorized holder of a document or material is responsible for determining, at the time of creation, whether information in a document or material falls into a CUI category.
Additionally, there are two categories when marking CUI – CUI Specified and CUI Basic (see the CUI Registry). These markings are intended to ensure creators and recipients know the sensitivity of the information contained in the document, media, or system (i.e., subject line of an email sent or received). All information containing CUI regardless of format or media and systems must have authorized markings that are listed in the CUI Registry and comply with the instructions for marking contained in the Handbook for Marking Documents. The CUI registry also provides dissemination controls, if applicable.ī. The CUI Registry provides the categories and subcategories of information that will be marked and handled as CUI. CUI is unclassified information that requires protection as identified in a law, regulation, or Government-wide policy. Identifying Controlled Unclassified Information. This SM chapter establishes the USGS CUI Program for the identification, handling, marking, protecting, sharing, dispositioning, and decontrolling of CUI.Ī.
SM 440.3, National Security InformationĤ. NIST SP 8000-88, Guidelines for Media SanitizationĮ. National Institute of Standards and Technology (NIST) Special Publication (SP) 800-172, Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST SP 800-171Ĭ. Executive Order 13526, December 29, 2009, Classified National Security Informationĭ. Executive Order 13556, November 4, 2010, Controlled Unclassified InformationĬ. Geological Survey (USGS) controlled unclassified information (CUI) program and assigns responsibilities for program management and operations to ensure adequate protection of sensitive but unclassified information.ī.
0 kommentar(er)
