CUI

Controlled Unclassified Information

Controlled Unclassified Information (CUI) is information that requires safeguarding but is not classified. Defense contractors handling CUI must implement NIST SP 800-171 security controls and comply with DFARS 252.204-7012 requirements.

Key Topics

CUI categories and marking requirements
NIST SP 800-171 security controls (110 controls)
DFARS 252.204-7012 compliance
Cyber incident reporting (72-hour requirement)
System Security Plans (SSP)
Plans of Action and Milestones (POA&M)
Flow-down to subcontractors
Cloud computing requirements (FedRAMP)

Key References

DFARS 252.204-7012: Safeguarding Covered Defense Information
NIST SP 800-171: Protecting CUI in Nonfederal Systems
32 CFR Part 2002: CUI Program
NIST SP 800-171A: Assessing Security Requirements
FedRAMP: Cloud Service Authorization
DoD CUI Registry: CUI Categories and Subcategories
