Originally published in the January-February, 2017 issue of The Military Engineer by the Society of American Military Engineers (SAME)
Those working in the federal sector, specifically the Department of Defense (DOD) and General Services Administration (GSA), have seen contractor cybersecurity requirements taking shape since 2010. For Official Use Only and Sensitive But Unclassified, and their control policies, will be replaced by Controlled Unclassified Information (CUI) during 2017.
CUI is a program established by Executive Order 13556 in November 2010 to manage “information that requires safeguarding or dissemination controls.” The goal is to provide uniformity in labeling of these materials across the executive branch. The executive order established the National Archives and Records Administration as the manager of the program.