How to Know if You Handle or Have CUI?

Learn how to identify if you handle or have CUI, and the cybersecurity steps you need to take to keep CUI data secure.
The cyber threat landscape is evolving at a rapid pace, and guarding critical infrastructure and sensitive information against both nation-states and non-state actors has become a top priority for the government. If you are, or thinking about, working in a government capacity, understanding the security measures you need to have in place is an essential part of landing top contracts with the DoD. Every government contractor handles different types of information, and it is critical that you know exactly what type of information falls into the various levels of CUI. CUI, or “controlled unclassified information” is information that requires safeguarding or dissemination controls that adhere to applicable law, regulations, and government policies but is NOT classified under Executive Order 13526 “Classified National Security Information” or the Atomic Energy Act, as amended. CUI is not classified information. It is not corporate intellectual property (unless created or included in requirements related to a government contract). A full overview of CUI can be found here. As a nationally recognized and accredited as a registered provider organization by the Cybersecurity Maturity Model Certification Accreditation Cody (CMMC-AB), one of the most frequent questions we get is “how do we know what level of CMMC we need to qualify for?”  The short answer – if you handle CUI, then you are a Level 3 or higher. The obvious next question is “how do I know if I have CUI?”  Below you’ll find a helpful guide and process to understand and identify if you likely handle CUI.
US DoD Controlled Unclassified Information (CUI) Identification Guide
US DoD Controlled Unclassified Information (CUI) Identification Guide
If you’re ever considering taking on government contracting, or wondering if you may need to know more about what it would look like to ensure you’re following the most recent regulations about controlled unclassified information (CUI) or controlled technical information (CTI), you may want to look into CMMC (Cyber Maturity Model Specification). You can find out more information about CMMC here or email our team at if you’d like assistance in identifying if you handle DoD CUI. Need more information about CUI?  Read CUI – What Is It And Why Should You Care?

Follow Us on Social Media

Subscribe to our Blog

Most Recent Blog Posts

Don’t Stop Here

More Useful Security Information

What Is Phishing and How To Avoid It


Phishing is one of the most notorious dangers of the online world. You should be prepared to recognize and avoid these social engineering attacks because

How to Evaluate Your Technology Needs


New technology solutions hit the market every day, each one promising to solve your company’s unique problems. It’s easy to see how business leaders get