One of the prime responsibilities is to protect and safeguard any type of private and classified information.
Controlled Unclassified Information (CUI) was defined by the directive from the then US President George W. Bush on 9th May 2008. it defines what controlled unclassified information is and how and where it should be shared and what it contains.
The controlled unclassified information or CUI replaces the terms like 'For official use only', 'Sensitive but unclassified ', and enforcement sensitive categories. Thus it has simplified the definition of governmental classified and confidential data into simpler terms but with a much broader objective and implementation.
The National Archives Department of the US was given the objective and responsibility to implement the CUI. Since the standards, guidelines, and policies have been implemented and amended from time to time for protection and better implementation of CUI across all government departments and agencies.
What is the scope of the CUI?
The CUI is any type of governmental data that is not intended for public disclosure. It deals with any type of data that is very sensitive to disclosure. Every person or agency or organization has to be granted rights and obtain the permission of the NARA and the US government for getting access to CUI.
The scope of the data under CUI includes anything that is considered and marked as private and unclassified by the government such as data pertaining to defense projects and safety systems.
The CUI seeks the agencies and government bodies to ensure the security and safety of such information.
Some of the examples of CUI are-
Data on military projects and research facilities of the US military weapons research and development
Data related to critical energy infrastructure such as information about nuclear stations and nuke sites.
Satellite information related to military intelligence, etc.
How is CUI protected by the government?
As it is confidential and the use and its safety must be maintained at all times. Sometimes the governmental agencies have to share data with third-party contractors or vendors who work on a contractual basis with the governmental bodies.
To protect this, the government came out with a standard called the 5200.48 which is the standard for sharing and giving data to the US government's Department of Defence.
If you wish to know more about the CUI and the implementation of the CMMC or about the auditors and training of them auditors visit - https://cmmcmarketplace.org/blog/qualifying-cmmc-auditors-in-the-age-of-covid-19-mpehy
People who are working for the Department of Defense (DoD) may already know how much of an emphasis has been placed in recent times on cybersecurity.
The DoD has published Defense Acquisition Federal Regulation Supplement (DFARS) in 2015 which stipulated that all those private contractors who are working for the DoD must abide by the rules and standards of NIST SP 800-717 on cybersecurity.
And this rationale behind DFARS act is to safeguard the country's defense supply chain against the data breaches and threats posed by cyber attackers both domestically and internationally.
This led to forcing more than 300,000 private DoD contractors by DFARS to adapt to these new standards and rules so that they comply with the present law system.During contract awards procedures, DoD actively discriminates against all those private companies or DoD contractor who is not possessing the necessary cybersecurity standards.
Despite the urgency whipped up by the DoD, thousands of private companies have yet to comply with the DFARS new standards and in fact, few private contractors have made false claims about their compliance.
In order to deal with these problems, DoD has created the Cybersecurity Maturity Model Certification (CMMC).What is CMMC Compliance:The DoD has created the Cybersecurity Maturity Model Certification (CMMC) compliance in order to ensure that all the private companies or contractors observe appropriate levels of cybersecurity controls.
