What is The CUI Registry?

Executive Order 13556 specifies categories of non-classified information to be safeguarded and designates the National Archives and Records Administration (NARA) as Executive Agent (EA) to implement the CUI program. NARA maintains official CUI categories and subcategories within the CUI Registry. For a full listing of categories, please visit CUI Registry General Guidelines site. The Department of Defense maintains a DoD specific version of the CUI Categories which can be found at https://www.dodcui.mil/.

CUI categories are divided into two subsets: basic and specified. Both subsets require compliance with NIST Special Publication 800-171.

• CUI Basic must be safeguarded, handled, disseminated, marked, and destroyed in accordance with NIST 800-171.
• CUI Specified is CUI for which there are laws, regulations or government-wide policies that address specific safeguarding and handling. For example, export controlled information must meet either International Traffic In Arms Regulations (ITAR) or the Export Administration Regulations (EAR). 

Each federal agency is responsible for identifying and marking CUI and specifying handling requirements. In the absence of such guidance, it is the responsibility of the project PI to reach out to a program manager for CUI guidance. This is especially important for solicitations or contracts with the Department of Defense, which currently has the most mature Federal CUI program.