Introduction
In the world of the U.S. Department of Defense (DoD), there is one word that has an effect across-the-board, yet it isn’t apprehended well. The word is CUI (Controlled Unclassified Information) and defined as a piece of information that needs to be safeguarded by the needs of government policies, laws, and regulations. DoD employees need to have answers when it comes to safeguarding CUI. A DoD employee needs to know how to react to an attack, cyber security, and its effect on it. Although there are several aids available to get the solutions and for proper guidance to whom a DOD employee can turn. Let us know ‘Where Should DoD Employees Look For Guidance On Safeguarding CUI?’.
Where Should DoD Employees Look For Guidance On Safeguarding CUI?
In this article, we’ll show you how safeguarding CUI can be easy work with the proper guidance.
What are the guidance for DoD Employees look on safeguarding CUI?
Before going to the guidance for safeguarding CUI, let us briefly understand CUI and some of its examples.
As explained above, CUI needs dissemination controls consistent with government laws, regulations, and policies. It is not classified information or corporate intellectual property unless it is included in requirements related to a government contract. Some of the well-known examples that people are aware of are:
- PBI (Proprietary Business Information)
- SPII (Sensible Personally Identifiable Information)
- PII (Personally Identifiable Information)
- FOUO (For Official Use Only), and many more.
DoD pamphlet 3450.09 and other resources for the guidance of CUI requirements
CVV (Centralized Verification and Validation) procedures are given to a building. A DoD employee has to check those procedures with the Security Manager, and that employee has to follow those. DoD pamphlet 3450.09 has all the details regarding the protocols. CVV is essential for all the Department of Defense establishments, but for those facilities that don’t have the CVV, the other guidelines on CUI requirements are as follows:
NISPOM (National Industrial Security Program Operating Manual)
To prevent unauthorized disclosures developed by contractors, licensees, or certificate holders, NISPOM establishes certain protections for disclosed classified information. There’s a rule which incorporates the requirement for Security Executive Agent Directive (SEAD) 3 that Reporting Requirements for Personnel with Access to Classified Information or Who Hold a Sensitive Position.
RMF-EI (The Risk Management Framework for Electronic Information)
The RMF provides a process that integrates activities like chain supply management, privacy, and security into the system development life cycle. This approach applies to any new systems or legacy systems, such as IoT and control systems.
Office of Management and Budget
The Office of Management directly serves the President of the United States and looks at the execution of the President’s visions across the Executive branch. The task of the OMB is to aid the President in the budget, meeting policy, regulatory objectives, and management.
Budget Circular A-130
The OBM revised Circular A-130 on July 2016, which reflects on the changes in law and technological advancement. Its role is privacy and security in the Federal information life cycle. The circular also promotes innovation, appropriate information sharing, adoption of new technology, and a few more while focusing on toughening privacy and security.
The workers looking for guidance on safeguarding their PSF (Personnel Security Files)
The following is the list of some publications and guidelines for employees on safeguarding their PSF or CAF (Central Adjudication Facility):
- DoD 5200 series publication
- DoD 5200.1-R
- DoD 5220.22-R.
- DoD 5220.22-M
- DoDI (Department of Defense Instruction) 5200.2-R 6.
- DoDD (Department of Defense Directive) 5200.2
- DoDD 5200.22
- Information Assurance technical implementation guides
DoDD (Department of Directive) 5200.02
The main subject of this directive is DoD PSP (Personnel Security Program). The instructions of this directive involve the Military Departments, Defense agencies, the office of the Inspector General of the DoD, and all other organizations in the DoD. One of the policies of this directive is that no person can be appointed or assigned to a national security position when unfavorable personnel render a decision.
OPM Policy letter
The Office of Personnel Management’s (OPM) Protection Guide for Sensitive but Unclassified Information, dated May 12, 2008, and OPM’s Policy Letter on Guidance for Industry and Government Agencies on How to Protect Sensitive Information in Personnel Security Files, dated February 10, 2009, both guides how to protect sensitive information in personnel security files. In addition, some of the responsibilities of OPM are HR and employee management, managing retirement benefits, the hiring process for the federal service, and health insurance.
Conclusion
To protect the secrecy and security of CUI, there is a well-rounded approach. DoD uses physical, network security, and audit trail methods to maintain privacy and prevent outside threats. In addition, those safeguards shield against the unintentional exposure of personal data, and by implementing non-disclosure agreements signed by people who deal with sensitive data daily.
FAQs
- What are the ways to safeguard CUI?
CUI is handled in a place where it is easy to monitor and can spot unwanted access. While faxing or reproducing CUI, you may utilize the equipment approved by the agency.
- Who is responsible for applying marking and dissemination instructions?
The authorized holder of the document is in charge of the instructions for applying marking and dissemination.
