How to Know if You Handle or Have CUI?

Learn how to identify if you handle or have CUI, and the cybersecurity steps you need to take to keep CUI data secure.
The cyber threat landscape is evolving at a rapid pace, and guarding critical infrastructure and sensitive information against both nation-states and non-state actors has become a top priority for the government. If you are, or thinking about, working in a government capacity, understanding the security measures you need to have in place is an essential part of landing top contracts with the DoD. Every government contractor handles different types of information, and it is critical that you know exactly what type of information falls into the various levels of CUI. CUI, or “controlled unclassified information” is information that requires safeguarding or dissemination controls that adhere to applicable law, regulations, and government policies but is NOT classified under Executive Order 13526 “Classified National Security Information” or the Atomic Energy Act, as amended. CUI is not classified information. It is not corporate intellectual property (unless created or included in requirements related to a government contract). A full overview of CUI can be found here. As a nationally recognized and accredited as a registered provider organization by the Cybersecurity Maturity Model Certification Accreditation Cody (CMMC-AB), one of the most frequent questions we get is “how do we know what level of CMMC we need to qualify for?”  The short answer – if you handle CUI, then you are a Level 3 or higher. The obvious next question is “how do I know if I have CUI?”  Below you’ll find a helpful guide and process to understand and identify if you likely handle CUI.
US DoD Controlled Unclassified Information (CUI) Identification Guide
US DoD Controlled Unclassified Information (CUI) Identification Guide
If you’re ever considering taking on government contracting, or wondering if you may need to know more about what it would look like to ensure you’re following the most recent regulations about controlled unclassified information (CUI) or controlled technical information (CTI), you may want to look into CMMC (Cyber Maturity Model Specification). You can find out more information about CMMC here or email our team at if you’d like assistance in identifying if you handle DoD CUI. Need more information about CUI?  Read CUI – What Is It And Why Should You Care?

Follow Us on Social Media

Subscribe to our Blog

Most Recent Blog Posts

Don’t Stop Here

More Useful Security Information

Top 10 IT Security Myths — Debunked


Thanks to the recent COVID-19 pandemic, there has been a historic shift in the way people work. Remote work or work-from-home (WFH) policies were set

Cybersecurity Policies That Bridge Generations


Cybersecurity policies are necessary for any business to avoid becoming cybercrime victims. Cybercrimes continue to rise as cybercriminals get more creative- it’s imperative every business