Proudly serving Virginia, Maryland and DC // Call us today! 703.396.6120
V2 SystemsV2 Systems
What Are CUI and CDI? (And Why Should You Care?)

by Erik Briceno

With the year-end deadline rapidly approaching for meeting updated federal cybersecurity standards, it’s important to know what’s involved.

What we’re talking about is safeguarding Controlled Unclassified Information (CUI). This type of information regularly moves through or resides on the internal networks or information systems of most federal contractors. Simply put, the government wants to strengthen security to keep that information secure.

What Exactly Is CUI?

What Are CUI and CDI? (And Why Should You Care?)To fully safeguard this information, you need to understand what qualifies as CUI. In short, this is sensitive government information that needs protecting, but isn’t actually classified.

The National Archives and Records Administration provides a lengthy definition of what constitutes CUI. The government terminology boils down to this: CUI is a broad category of information the government creates or possesses — or that an entity creates or possesses on behalf of the government, which includes federal contractors — that needs to be safeguarded.

The National Archives oversees efforts to establish consistent practices and procedures for safeguarding, disseminating, controlling and marking CUI across executive branch departments and agencies. It’s an effort to implement a single standard for handling the sensitive information, rather than the patchwork of programs that previously existed at hundreds of different federal jurisdictions.

“The CUI Program establishes one government-wide system for unclassified information requiring safeguarding and disseminating controls,” said Archivist of the United States David S. Ferriero.

What About CDI?

You also may come across the term CDI. That’s because the Department of Defense (DoD) has its own coordinating rules for cybersecurity, and it uses the term Covered Defense Information (CDI).

DoD uses the term CDI almost interchangeably with CUI. In its final rule on the matter, DoD confirmed this. They stated the definitions they use are intended to be consistent with those of the National Archives’ definition of what constitutes CUI.

If you’re confused about what all these definitions mean, we can help you find answers about how your business could be impacted. Our support staff will help you understand whether the information you work with meets these federal definitions.

What Are CUI and CDI? (And Why Should You Care?)Why Should You Be Worried About This?

If you handle this type of government information, you need to comply with the regulations outlined in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.

The deadline for implementing these updated cybersecurity systems is Dec. 31, so there’s no time to waste. We understand the importance of network security and data protection, and we’ll help you protect the federal information you need for your business’ critical operations.

Contact us with your questions, so we can help you maintain the government contacts your business needs to succeed.

Since 1995, Manassas Park, VA-based V2 Systems has employed local systems administrators, network engineers, security consultants, help desk technicians and partnering companies to meet a wide range of clients’ IT needs, from research, to implementation, to maintenance. Let V2 Systems take care of your IT while you take care of business.

About ebriceno
What Are CUI and CDI? (And Why Should You Care?)
What Are CUI and CDI? (And Why Should You Care?)