Controlled Unclassified Information (CUI)

Controlled Unclassified Information (CUI) — Foundation, Original and Derivative Classification

CUI Definition

CUI is information:

The government creates or possesses
Or that an entity creates or possesses for or on behalf of the government

…that a law, regulation, or Government-wide policy requires or permits an agency to handle using safeguarding or dissemination controls.

CUI Reference

Requirements, controls, and protective measures developed for these materials are found in DoDI 5200.48_AFI 16-1403, *Controlled Unclassified Information*.

Original Classification

Original Classification Definition

Original classification is:

The initial decision by an original classification authority
That an item of information could reasonably be expected to cause identifiable or describable damage to the national security subjected to unauthorized disclosure
And requires protection in the interest of national security

OCA Authority

ONLY officials designated in writing may make original classification decisions.

Derivative Classification

Derivative Classification Foundation

USAF policy is to:

Identify, classify, downgrade, declassify, mark, and protect classified information and records
Destroy classified records containing classified information, consistent with national policy
Protect CUI per national policy

Derivative Classification Authority

Within the Department of Defense, ALL cleared personnel are authorized to derivatively classify information, IF:

They have received initial training before making derivative classification decisions
They have received refresher training every year

Derivative Classification Definition

Derivative classification is:

Incorporating classified information in a new form or document
Paraphrasing classified information in a new form or document
Restating classified information in a new form or document
Generating classified information in a new form or document

Authorized Sources

Derivative Authorized Sources

Derivative classifiers must use authorized types of sources for making decisions.

Critical Responsibility

Derivative Critical Responsibility

One of the MOST important responsibilities of the derivative classifier is to:

Observe the classification determinations made by an original classification authority
Respect the classification determinations made by an original classification authority

CUI — Marking, Safeguarding (SF 312), End-of-Day Security Checks

Marking Classified Information

Marking Foundation

All classified information shall be clearly identified by:

Marking
Designation
Or electronic labelling

…in accordance with DoDM5200.01V2_AFMAN16-1404V2, *Information Security Program: Marking of Classified Information*.

Marking Purposes

7 Marking Purposes

Marking classified information serves to:

Alert holders to the presence of classified information
Identify the information needing protection
Indicate the level of classification assigned to the information
Provide guidance on downgrading (if any) and declassification
Give information on the sources of and reasons for classification
Notify holders of special access, control, or safeguarding requirements
Promote information sharing, facilitate judicious use of resources, and simplify management through implementation of uniform and standardized processes

Specific Markings on Documents

Document Marking Foundation

Every classified document must be marked to show the HIGHEST classification of information contained within the document.

Marking Conspicuousness

The marking must be conspicuous enough to alert anyone handling the document that the document is classified.

Required Document Elements

Every document will contain:

The overall classification of the document
Banner lines
Portion markings indicating the classification level of specific classified information within the document
The classification authority block
Date of origin
Downgrading instructions, if any
Declassification instructions

Three Most Common Markings

3 Most Common Markings

The three most common markings on a classified document:

Banner lines
Portion markings
Classification authority block

Safeguarding Classified Information

Personal Responsibility

Everyone who works with classified information is PERSONALLY responsible for taking proper precautions to ensure unauthorized persons do not gain access to classified information.

Three Access Requirements

3 Access Requirements

Before granting access to classified information, the person must have:

Security clearance eligibility
A signed Standard Form (SF) 312, *Classified Information Non-Disclosure Agreement*
A need-to-know

Authorized Person Verification

The individual with authorized possession, knowledge, or control of the information must determine whether the person receiving the information has been granted the appropriate security clearance access by proper authority.

Constant Surveillance

An authorized person shall keep classified material removed from storage under CONSTANT surveillance.

Coversheets Required

The authorized person must place coversheets on classified documents NOT in secure storage to prevent unauthorized persons from viewing the information.

Three Coversheet Forms

3 Coversheet Forms

The following forms will be used to cover classified information outside of storage:

SF 703 — Top Secret (Cover Sheet)
SF 704 — Secret (Cover Sheet)
SF 705 — Confidential (Cover Sheet)

End-of-Day Security Checks

SF 701 End-of-Day

Use SF 701, *Activity Security Checklist*, to record the end of the day security checks.

When SF 701 Required

SF 701 Required

This form is required for any area where classified information is:

Used
Stored

Check Items

SF 701 Check Items

Ensure the following used for storing classified material are checked:

All vaults
Secure rooms
Containers

Storage Standards

Classified information systems should specifically be stored in:

A general services administration approved safe
Or in buildings or areas cleared for open storage of classified