Controlled Unclassified Information (CUI) Markings Guide

Meet New CMMC 2.0 Information Handling Requirements

CUI Marking Requirements and Management in Microsoft Applications 

With a renewed focus on protecting controlled unclassified information CUI and several regulations governing its handling, including DFARS, FAR and CMMC 2.0, understanding CUI protection is of utmost importance to all US Government agencies, Defense contractors and suppliers.
CUI, which is maintained in government and contractor systems, is often a target and a cyber risk for the DOD, but the process of labeling and classifying CUI can be a complex endeavor.
If you have CUI it needs to be marked accordingly. The purpose of CUI markings and the CUI Designation Indicator is to inform or alert recipients and/or users that CUI is present and of any limited dissemination controls. 
In this Guide to CUI Markings you'll learn about:
  • Mandatory CUI tagging and visual marking requirements for Defense and the supply chain.
  • The challenges of labeling and restricting access to CUI in Microsoft 365, GCC and GCC High.
  • How to automate CUI identification and application of visual markings.
  • Adding ABAC policies to control CUI access and what authorized users can do with files if access is granted (e.g., print, save, email).

Who should read this:

  • CMMC Program Leads
  • Defense Contractors
  • Defense Suppliers
  • C3PAOs
  • IT Teams 
  • Information Security Teams