C3 has merged with Ingalls Read Press Release >>

CUI Marking & Identification Guide

A guide to understanding Controlled Unclassified Information, how to identify CUI in your organization, and how to correctly mark information as CUI.

Download the eBook

Marking & Identifying Controlled Unclassified Information

For defense contractors and companies doing business with the U.S. federal government, understanding the laws, regulations, and Government-wide policies that govern Controlled Unclassified Information (CUI) can be frustratingly difficult.

Often, organizations struggle to answer basic questions around what constitutes CUI, how to identify whether they even have any CUI, and how to appropriately label mark information as CUI. This guide provides a summary of the various requirements surrounding CUI, addressing common questions such as:

– What Is CUI / What Is Not CUI?
– Who Can Designate CUI?
– How Do I Know If My Contract Has CUI?
– Should I Mark My Document, Research, or Data as CUI?
– Should My Intellectual Property Be Designated as CUI?
– How to Mark U.S. Government-Controlled Items
– Reference: Prescribed CUI Markings
– Reference: Limited Dissemination Controls

This information in this guide should not be construed as legal advice. You should consult a qualified government contracts attorney if you have questions about your contractual requirements – if you need a referral from our network, just reach out!

Related Resources

Microsoft 365 GCC / GCC High Buyer’s Guide


Microsoft 365 GCC / GCC High Buyer’s Guide

The Microsoft 365 GCC / GCC High Buyer's Guide is a flight manual for organizations to make informed decisions around leveraging Microsoft 365 GCC options for compliance with DFARS, CMMC,...
MSP Maturity Check

MSP Maturity Check

Managed Service Providers (MSPs) are increasingly targeted by attackers for the privileged access they hold in multiple customer environments. The MSP Maturity Check includes questions you can use to vet...
Zero Trust Strategies for DoD Compliance

Zero Trust Strategies for DoD Compliance

As today's dominant security paradigm, zero trust moves cybersecurity defenses away from network-based security perimeters toward individual resources like user identities and devices. For defense contractors, adopting a zero-trust strategy...