Inching Towards Uniformity – Proposed Rule Governing Controlled Unclassified Information

Nearly five years after Executive Order 13556 mandated a government-wide, uniform approach to safeguarding of certain unclassified information—to be known as "controlled unclassified information" (CUI)—the National Archives and Records Administration proposed, on May 8, 2015, a rule that, along with final publication of NIST Special Publication 800-171 (targeted for June 2015) and a standard FAR clause (not yet proposed), would replace the patchwork of markings and controls that have impeded both the government and its contractors in knowing what unclassified information should be protected and how. The proposal, open for comment until July 7, includes such key elements as (1) a publicly available CUI Registry that identifies all categories of CUI to be controlled and which are "CUI Specified," meaning that the controls are specified by statute; (2) standardized markings for CUI, mandatory when disseminated outside the government; and (3) identification of the decontrol authority and establishment of a decontrol process.