CUI Compliance

Home » Our Data Protection Solutions » Data Compliance Regulations » CUI Compliance

What is the Controlled Unclassified Information (CUI) program?

The Controlled Unclassified Information (CUI) program standardizes the way all U.S. government agencies and military entities handle unclassified information that requires safeguarding. It clarifies and limits what kinds of information to protect, defines what is meant by “safeguard”, reinforces existing legislation and regulations, and promotes authorized information-sharing. Since its implementation on Dec. 31, 2017, all Department of Defense (DoD) contractors that process, store, or transmit CUI must meet the Defense Federal Acquisition Regulation Supplement (DFARS) minimum security standards or risk losing their DoD contracts.

The challenge

While it is critical to set standardized controls for the way information is handled, the process of implementing CUI markings across agency data is complex, time-consuming, and sometimes unclear. Yet all agencies are required to use CUI markings on all data that is not classified.

The solution

Titus Config for CUI is a data protection solution enabling government agencies and contractors to automatically apply consistent CUI markings that comply with all regulations to appropriately safeguard sensitive government information.

How our solution works

To avoid confusion among the vast array of government agencies and third-party contractors serving those agencies, it is important to ensure that all entities in this ecosystem use the same procedures to implement the CUI markings. Titus Config for CUI uses preconfigured libraries that, in combination with the Titus policy engine, streamline the CUI markings process for both email and documents, making it easy for users to implement the CUI framework accurately and consistently.

Automatically apply CUI markings

Upon saving a document or hitting send in an email, the Titus policy engine scans for sensitive data and applies the appropriate Banner and Portion markings automatically. Users do not have to do anything.

Apply the full list of CUI categories and subcategories

Titus has developed configurations that, while not needed by every customer, are 100% in line with NARA’s marking requirements and support multiple fields. Agencies must apply a uniform set of information handling controls for Basic CUI and more individualized controls for Specified CUI (preceded by an “SP” in markings). The Titus solution can differentiate between these different types of data and apply the appropriate markings and information handling policies. Even though a particular agency may only use a few CUI categories internally, users still need support for all of the CUI categories because they likely exchange information across governmental departments. It also supports categorization of data in a mixed Classified and Unclassified environment.

Follow formatting guidelines

The CUI Marking Handbook, published by NARA, outlines how CUI markings should visually appear in documents and emails. Titus has worked closely with NARA to incorporate the CUI categories and marking guidelines into the Titus Config for CUI, including all the nuances of how the markings should appear on the page. Titus also tracks CUI designations that require additional information to appear in the footer of a document and automatically applies that as well.

Manually tailor Banner and Portion markings

Users can manually apply Banner and Portion CUI markings using Titus buttons that appear within document and email toolbars. The user experience within these features can be customized< for specific user groups or entire agencies. A “My Categories” drop-down menu allows users to select from a list of frequently used CUI categories rather than having to scroll through all 240 options. An “All” drop-down makes the entire list of categories available when needed. Users can further customize CUI markings via the toolbar commands to depart from default policy settings or to include additional information as needed:

Designator agency and contact information
Decontrol dates
Redaction parameters for specified information
Clearance checking
Automated encryption

Navigate CUI complexities with confidence

The preconfigured policy engine in Titus Config for CUI has been built with a nuanced understanding of the markings. If a user introduces an error when manually selecting Banner or Portion markings, the Titus solution will detect the problem, halt the send or save, and alert the user.

Keep data secure

Correct CUI markings ensure that data stays within the approved domain and is viewed only by the appropriate audience. Distribution is controlled by the Dissemination Controls either selected by the user or applied automatically through Titus’ sophisticated policy configuration. The Titus policy engine also helps you optimize your other security solutions to protect CUI as well. Working in the background, Titus metadata makes it easier for data loss prevention (DLP) and encryption technologies, network guards, archiving solutions, and other security solutions to recognize sensitive government information and apply the appropriate controls.

Download the Titus Config for CUI solution brief

Discover how Titus makes it easy for your agency to accurately and securely apply CUI markings that coomplies with all regulations to appropriately safeguard sensitive government information.

Download PDF