September 27, 2023 1 min read

What actual policies govern Controlled Unclassified Information (CUI)?  

Currently, the following four (4) main policies govern CUI:
  1. Executive Order 13556 “Controlled Unclassified Information” ( assigns policy responsibilities, and prescribes procedures for CUI throughout the DoD.
  2. 32 CFR Part 2002 “Controlled Unclassified Information” Part 2002 ( establishes the CUI Program throughout the Federal Government and describes the roles, responsibilities, along with other essential provisions of the CUI program.
  3. DoDI Instruction 5200.48 “Controlled Unclassified Information” ( This order effectively establishes a uniform program for managing information that requires safeguarding or dissemination controls throughout the Federal Government.
  4. NIST Special Publication 800-171 Rev. 2 “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations” ( This publication identifies the baseline for CUI system security requirements as “The protection of Controlled Unclassified Information (CUI) resident in nonfederal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully conduct its essential missions and functions.” 

Need to Implement a DoD CUI Program? Talk to Arlington

DoD contractors - and other contractors providing services to federal agencies - need to have in place established policies, procedures, and processes regarding CUI that’s resident within their information systems. What federal contractors need is a CUI Program. Arlington can help, as we offer the following CUI services and solutions:

  • CUI Scoping & Gap Assessments
  • CUI Policy Development
  • CUI Identification
  • CUI Contractual Language Review
  • CUI Marking (Digital)
  • CUI Marking (Physical)