How to Know if You Handle or Have CUI?

Learn how to identify if you handle or have CUI, and the cybersecurity steps you need to take to keep CUI data secure.
The cyber threat landscape is evolving at a rapid pace, and guarding critical infrastructure and sensitive information against both nation-states and non-state actors has become a top priority for the government. If you are, or thinking about, working in a government capacity, understanding the security measures you need to have in place is an essential part of landing top contracts with the DoD. Every government contractor handles different types of information, and it is critical that you know exactly what type of information falls into the various levels of CUI. CUI, or “controlled unclassified information” is information that requires safeguarding or dissemination controls that adhere to applicable law, regulations, and government policies but is NOT classified under Executive Order 13526 “Classified National Security Information” or the Atomic Energy Act, as amended. CUI is not classified information. It is not corporate intellectual property (unless created or included in requirements related to a government contract). A full overview of CUI can be found here. As a nationally recognized and accredited as a registered provider organization by the Cybersecurity Maturity Model Certification Accreditation Cody (CMMC-AB), one of the most frequent questions we get is “how do we know what level of CMMC we need to qualify for?”  The short answer – if you handle CUI, then you are a Level 3 or higher. The obvious next question is “how do I know if I have CUI?”  Below you’ll find a helpful guide and process to understand and identify if you likely handle CUI.
US DoD Controlled Unclassified Information (CUI) Identification Guide
US DoD Controlled Unclassified Information (CUI) Identification Guide
If you’re ever considering taking on government contracting, or wondering if you may need to know more about what it would look like to ensure you’re following the most recent regulations about controlled unclassified information (CUI) or controlled technical information (CTI), you may want to look into CMMC (Cyber Maturity Model Specification). You can find out more information about CMMC here or email our team at [email protected] if you’d like assistance in identifying if you handle DoD CUI. Need more information about CUI?  Read CUI – What Is It And Why Should You Care?

Follow Us on Social Media

Subscribe to our Blog

Most Recent Blog Posts

Don’t Stop Here

More Useful Security Information

Top Cyber security myths

Top Cyber Security Myths: Part 2


It’s easy to oversimplify cyber security and assume you’re protected. There are a lot of myths out there, and we’re addressing the top myths you might face on a daily basis. Get ready to get debunked.

Top Cyber Security Myths: Part 1


In our digital world, where everything about us and our businesses exists in a digital format, cybercrime and data loss are potentially the biggest threats to the success of your business. Cybercrime is on the rise and small and mid-sized businesses continue to be targeted. Let’s address the top cybersecurity myths so you know how to target your business security needs.