CUI Marking and Identification Guide

CUI Marking & Identification Guide

A guide to understanding Controlled Unclassified Information, how to identify CUI in your organization, and how to correctly mark information as CUI.

Marking & Identifying Controlled Unclassified Information

For defense contractors and companies doing business with the U.S. federal government, understanding the laws, regulations, and Government-wide policies that govern Controlled Unclassified Information (CUI) can be frustratingly difficult.

Often, organizations struggle to answer basic questions around what constitutes CUI, how to identify whether they even have any CUI, and how to appropriately label mark information as CUI. This guide provides a summary of the various requirements surrounding CUI, addressing common questions such as:

– What Is CUI / What Is Not CUI?
– Who Can Designate CUI?
– How Do I Know If My Contract Has CUI?
– Should I Mark My Document, Research, or Data as CUI?
– Should My Intellectual Property Be Designated as CUI?
– How to Mark U.S. Government-Controlled Items
– Reference: Prescribed CUI Markings
– Reference: Limited Dissemination Controls

This information in this guide should not be construed as legal advice. You should consult a qualified government contracts attorney if you have questions about your contractual requirements – if you need a referral from our network, just reach out!

Related Resources

GCC High Buyer’s Guide

The GCC High Buyer's Guide is a flight manual for organizations to make informed decisions around leveraging evaluating Microsoft 365 GCC High for compliance with DFARS, CMMC, and U.S. export...

Learn More

Zero Trust Strategies for DoD Compliance

As today's dominant security paradigm, zero trust moves cybersecurity defenses away from network-based security perimeters toward individual resources like user identities and devices. For defense contractors, adopting a zero-trust strategy...

Learn More
Steel Root Illustration of a salesmen high pressuring a frustrated customer.

MSP Maturity Check

Managed Service Providers (MSPs) are increasingly targeted by attackers for the privileged access they hold in multiple customer environments. The MSP Maturity Check includes questions you can use to vet...

Learn More