(3) All questions concerning CUI may be addressed to the SAO or CUI PM via or search the CUI FAQs or our webpage at /cui.ī. (2) GSA’s CUI Program Manager (PM) is accountable to the SAO and is responsible for coordinating all aspects of the CUI Program, supported by Subject Matter Experts (SMEs) across the agency. SAO duties are assigned within GSA IT to the Deputy CIO in accordance with Chapter 9 of the GSA Delegations of Authority Manual, ADM 5450.39. (1) GSA’s Senior Agency Official (SAO) for CUI has overarching responsibility for the CUI Program within GSA. (3) The CUI Advisory Council consists of representatives from each executive branch agency who work with the EA on CUI-related matters. (2) The Information Security Oversight Office (ISOO), a NARA component, performs the duties assigned to NARA as the EA for the CUI Program. (1) Executive Order 13556 designates the National Archives and Records Administration (NARA) as the CUI Executive Agent (EA) to implement the CUI Program, oversee agency actions, and ensure compliance with the EO. Specific details about the types of information considered to be CUI are listed in the CUI Registry which can be found at /cui. This information does not include classified information or information a non-executive branch entity possesses or maintains in its own systems that did not come from, or was not created or possessed by or for, an executive branch agency or an entity acting for an executive branch agency. The CUI Program covers any information the Government creates or possesses, or that an entity creates or possesses for or on behalf of the Government, that is required to be protected under law, regulation, or Government-wide policy. § 2002 to establish a uniform policy for agencies on designating, safeguarding, disseminating, marking, decontrolling, and disposing of CUI, self-inspection and oversight requirements, and other facets of the program.ĭ. On September 14, 2016, NARA issued a final rule amending 32 C.F.R. Under the CUI Program, only the categories of information listed in the CUI Registry will be marked and handled as CUI.Ĭ. EO 13556 established a uniform program for managing CUI. In the past, agencies employed ad hoc, agency-specific policies, procedures, and markings to safeguard and control sensitive information and there was no Government-wide direction on what information should or should not be protected. Executive Order (EO) 13556, Controlled Unclassified Information, establishes an open and uniform program for managing information that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, or Government-wide policies, excluding information that is classified under Executive Order 13526 of December 29, 2009, or the Atomic Energy Act, as amended (hereinafter described as Controlled Unclassified Information (CUI)).ī. ![]() Added additional policies in the References section.Ī. Added responsibilities previously in the CUI Guide andĭ. Added policy-related sections that were previously in the CUI Guide Ĭ. This Order cancels and supersedes CIO 2103.1, Controlled Unclassified Information (CUI) Policy, dated May 16, 2017.ģ. CUI is unclassified information that requires safeguarding and dissemination controls pursuant to law, regulation, or Government-wide policy, as listed in the CUI Registry by the National Archives and Records Administration (NARA).Ģ. ![]() ![]() ![]() To establish a General Services Administration (GSA) policy and framework for Controlled Unclassified Information (CUI). SUBJECT: Controlled Unclassified Information (CUI) Policyġ. 2103.2 CIO Controlled Unclassified Information (CUI) Policy
0 Comments
Leave a Reply. |