THE WHITE HOUSEMEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIESOffice of the Press Secretary
(Crawford, Texas)May 7, 2008
SUBJECT: Designation and Sharing of Controlled Unclassified Information (CUI)
Purpose
(1) This memorandum (a) adopts, defines, and institutes "Controlled Unclassified Information" (CUI) as the single, categorical designation henceforth throughout the executive branch for all information within the scope of that definition, which includes most information heretofore referred to as "Sensitive But Unclassified" (SBU) in the Information Sharing Environment (ISE), and (b) establishes a corresponding new CUI Framework for designating, marking, safeguarding, and disseminating information designated as CUI. The memorandum's purpose is to standardize practices and thereby improve the sharing of information, not to classify or declassify new or additional information.
背景 - 当前的SBU环境
(2) The global nature of the threats facing the United States requires that (a) our Nation's entire network of defenders be able to share information more rapidly so those who must act have the information they need, and (b) the United States Government protect sensitive information, information privacy, and other legal rights of Americans. A uniform and more standardized governmentwide framework for what has previously been known as SBU information is essential for the ISE to succeed. Accordingly, this memorandum establishes a standardized framework designed to facilitate and enhance the sharing of Controlled Unclassified Information.
Definitions
(3) In this memorandum, the following terms have the meaning indicated:
一个。"Controlled Unclassified Information" is a categorical designation that refers to unclassified information that does not meet the standards for National Security Classification under Executive Order 12958, as amended, but is (i) pertinent to the national interests of the United States or to the important interests of entities outside the Federal Government, and (ii) under law or policy requires protection from unauthorized disclosure, special handling safeguards, or prescribed limits on exchange or dissemination. Henceforth, the designation CUI replaces "Sensitive But Unclassified" (SBU).
Policy -- The CUI Framework湾"CUI Council" is a subcommittee of the Information Sharing Council (ISC), created by the Intelligence Reform and Terrorism Prevention Act of 2004 (Public Law 108-458) (IRTPA).
C。"CUI Framework" refers to the single set of policies and procedures governing the designation, marking, safeguarding, and dissemination of CUI terrorism-related information that originates in departments and agencies, regardless of the medium used for the display, storage, or transmittal of such information.
d。"CUI Framework Standards Registry" (the "CUI Registry") refers to the official list of, and recognized standards for, CUI markings including "safeguarding," and "dissemination" maintained by the Executive Agent.
即"Departments and Agencies" means executive agencies as defined in section 105 of title 5, United States Code; the United States Postal Service; but not the Government Accountability Office.
f. "Enhanced Safeguarding" is a handling requirement that means the information so designated is subject to measures more stringent than those normally required because inadvertent or unauthorized disclosure would create a risk of substantial harm. This requirement is indicated by the marking "Controlled Enhanced."
G。"Executive Agent" means the National Archives and Records Administration (NARA).
H。"Information" means any communicable knowledge or documentary material, regardless of its physical form or characteristics, that is owned by, is produced by or for, or is under the control of the Federal Government.
一世。“信息共享环境”是指便于共享的方法“恐怖主义信息”,由IRTPA的部1016所定义的。
j. "Safeguarding" means measures and controls that are prescribed to protect controlled unclassified information.
ķ。“未分类的敏感”集体指的是足够的敏感,以保证保护从公开的一些级别但不保证分类的文件和资料在联邦政府内迄今使用的各种名称。
湖“指定传播”是一个处理指令的装置,以便所指定的信息是受支配,其传播被允许的范围内的附加说明。
m. "Standard Dissemination" is a handling instruction that means dissemination is authorized to the extent it is reasonably believed that dissemination would further the execution of lawful or official mission purpose, provided that individuals disseminating this information do so within the scope of their assigned duties.
ñ。“标准维护”是一个处理的要求,即装置,以便所指定的信息是受该减少未经授权的或无意的泄露的风险基线保护措施。这一要求应通过利用标记来表示“控制。”
O操作。“与恐怖主义相关的信息”指(i)的信息,到2007年的9/11委员会法案的实施建议界定公共110-53法,部分504;(ⅱ)国土安全信息,由6 U.S.C.所限定482(F);及(iii)执法信息涉及恐怖主义。
(4) The uniform use of CUI is essential to fostering an effective ISE. All departments and agencies shall apply the CUI Framework, which consists of the following policies and standards, as outlined in paragraphs 5-19 for the designation, marking, safeguarding, and dissemination of any CUI terrorism-related information within the ISE that originates in departments and agencies, regardless of the medium used for its display, storage, or transmittal.
(5)所有崔应值得两级维护过程中的一种:标准(标记为“控制”)或增强(标记“受控增强”)。
(6)所有CUI应值得传播控制的两个层次中的一个:“标准传播”或“指定传播”。
(7) All CUI shall be (a) categorized into one of three combinations of safeguarding procedures and dissemination controls, and (b) so indicated through the use of the following corresponding markings:
(一世)“控制与标准传播”meaning the information requires standard safeguarding measures that reduce the risks of unauthorized or inadvertent disclosure. Dissemination is permitted to the extent that it is reasonably believed that it would further the execution of a lawful or official purpose.
(8) Any additional CUI markings may be prescribed only by the Executive Agent. Use of additional CUI markings is prohibited unless the Executive Agent determines that extraordinary circumstances warrant the use of additional markings.(ii)“控制与指定的传播”这意味着信息需要保护的是减少未经授权或无意的泄露的风险的措施。材料含有对什么是允许传播的附加说明。
(ⅲ)“受控加强与指定传播”meaning the information requires safeguarding measures more stringent than those normally required since the inadvertent or unauthorized disclosure would create risk of substantial harm. Material contains additional instructions on what dissemination is permitted.
(9) Departments and agencies shall apply the CUI Registry's standards. The originator of CUI may not impose any additional safeguarding or dissemination requirements upon the recipient(s). No department or agency shall create CUI categories or rules outside the CUI Framework.
(10)CUI的收件人应报告任何未经授权的或无意的公开内容,以所述指定机构。
(11) All CUI shall be marked in a clear manner and conform to statutory and regulatory requirements, if any, regarding markings. Recipients of CUI that is not marked shall mark the information appropriately and inform the originator that it has been so marked.
(12) Wherever possible, it is expected that departments and agencies will re-mark archived or legacy material when it is incorporated into the ISE.
(13) CUI markings may inform but do not control the decision of whether to disclose or release the information to the public, such as in response to a request made pursuant to the Freedom of Information Act (FOIA).
(14) Originating departments and agencies shall retain control of decisions regarding whether to disseminate CUI materials beyond their Standard or Specified Dissemination instructions, including any dissemination to the media or general public.
(15) Material that contains both CUI and non-CUI information, or that contains multiple categories of CUI, should be marked accordingly by portions such that those categorical distinctions are apparent.
(16) The CUI markings shall be incorporated into ISE-related information technology (IT) projects under development or developed in the future and shall be reflected in plans for new information technologies.
(17)崔标记应使用不管the medium through which the information appears or conveys. Oral communications should be prefaced with a statement describing the controls when necessary to ensure that recipients are aware of the information's status.
(18) Departments or agencies shall not impose safeguarding requirements or dissemination controls on information in the ISE that is neither classified nor CUI.
(19)当一个部门或机构从国家,地方,部落,私营部门或外国合作伙伴收到崔始发,任何非联邦政府传统标记应予以保留,除非发端授权其去除。
(20) Implementation of the CUI Framework shall commence upon the date of this memorandum and shall be completed within 5 years.
崔框架实现
(21) The Executive Agent shall be responsible for overseeing and managing implementation of this CUI Framework.
(22) The Executive Agent shall have the following authorities and responsibilities:
一个。制定和发布崔政策标准和实施指导,这份备忘录,其中包括国家,地方,部落,私营部门适当的建议,并为实现崔框架外国合作伙伴的实体相一致。在适当时,建立新的保护和传播控制,并且在该特殊情况下保证使用的附加CUI标记,授权使用这种附加的标记的判定;
(23)一种CUI理事会兹建立作为ISC的一个小组委员会。其成员应从ISC的成员绘制。崔理事会应:湾Establish and chair the CUI Council;
C。Establish, approve, and maintain safeguarding standards and dissemination instructions, including "Specified Dissemination" requirements proposed by the heads of departments and agencies;
d。Publish the CUI safeguarding and dissemination standards in the CUI Registry;
即监控部门和机构遵守崔政策,标准和标志;
f. Establish baseline training requirements and develop an ISE-wide CUI training program to be implemented by departments and agencies;
G。Provide appropriate information regarding the CUI Framework to the Congress, to State, local, tribal, and private sector entities, and to foreign partners;
H。建议对投诉和等部门和机构的有关正确的指定或崔的标记之间的纠纷的崔安理会的决议部门和机构的负责人;和
一世。Establish, in consultation with affected departments and agencies, a process that addresses enforcement mechanisms and penalties for improper handling of CUI.
一个。Serve as the primary advisor to the Executive Agent on issues pertaining to the CUI Framework;
(24),各部门,各机构与藏应当与恐怖主义有关的信息的头部:湾Advise the Executive Agent in developing procedures, guidelines, and standards necessary to establish, implement, and maintain the CUI Framework;
C。Ensure coordination among the departments and agencies participating in the CUI Framework;
d。建议关于正确指定或崔的标记部门和机构之间的投诉和纠纷的解决执行代理;和
即适当时,与ISC的国家,地方,部落和私营部门小组委员会进行磋商。
一个。Ensure the implementation of the CUI Framework within such department or agency;
Designating CUI湾Promulgate guidance for the implementation of the CUI Framework within such department or agency, consistent with ISE-wide CUI policies issued by the CUI Executive Agent, as established in paragraph 21;
C。Adopt markings listed in the CUI Registry maintained by the Executive Agent as the exclusive CUI markings used by such department or agency, consistent with paragraphs 5-8 of this memorandum;
d。Propose any necessary "Specified Dissemination" instructions to the Executive Agent for approval and listing in the CUI Registry;
e。指定一个appropriately qualified senior official from within the department or agency as its representative on the CUI Council;
f. Implement a CUI training program for their respective department or agency, based on the ISE-wide training program established by the Executive Agent, and ensure all appropriate personnel (i) understand CUI policies and procedures, and (ii) can apply them when creating, disseminating, or safeguarding CUI material;
G。建立一个流程,使它们各自的部门或机构的地址不遵守该机构内的新崔框架,并确保管理和监督问题或疑虑,可以提升到相应的部门或机构的决策者;金博宝正规网址
H。Establish a process within their respective department or agency that, where appropriate, promptly raises to the Executive Agent matters of concern regarding the Framework; and
一世。Ensure full implementation of the CUI Framework, consistent with policies, guidance, and standards established by the Executive Agent, within 5 years of the date of this memorandum.
(25) Information shall be designated as CUI and carry an authorized CUI marking if:
一个。法规规定或授权这样的指定;要么
(26)尽管如上所述,信息不应被指定为CUI:湾the head of the originating department or agency, through regulations, directives, or other specific guidance to the agency, determines that the information is CUI. Such determination should be based on mission requirements, business prudence, legal privilege, the protection of personal or commercial rights, safety, or security. Such department or agency directives, regulations, or guidance shall be provided to the Executive Agent for review.
一个。于(i)隐瞒违法行为,效率低下,或行政错误的;(二)防止尴尬联邦政府或任何联邦官员,任何组织或机构;(iii)与在私营部门竞争不当或非法干扰;或(iv)预防或延迟的不需要这种保护信息的发布;
例外崔湾if it is required to be made available to the public; or
C。如果它已经被适当之下向公众发布。
(27) This memorandum requires that all CUI originated by departments and agencies and shared within the ISE shall conform to the policies and standards for the designating, marking, safeguarding, and disseminating established in accordance with this memorandum. However, infrastructure protection agreements not fully accommodated under the CUI Framework (and its associated markings, safeguarding requirements, and dissemination limitations) shall be considered exceptions to this CUI Framework. Infrastructure protection exceptions include and apply to information governed by or subject to the following regulations:
一个。6 CFR Pt. 29 -- PCII (Protected Critical Infrastructure Information);
(28) The CUI Framework shall be used for such information to the maximum extent possible, but shall not affect or interfere with specific regulatory requirements for marking, safeguarding, and disseminating.湾49 CFR Pts. 15 (Department of Transportation) & 1520 (Department of Homeland Security/Transportation Security Administration) -- SSI (Sensitive Security Information);
C。6 CFR Pt. 27 -- CVI (Chemical Vulnerability Information); and
d。10 CFR铂。73 - SGI(保障信息)。
(29)受影响的部门或机构authorized to select the most applicable CUI safeguarding marking for the regulation. Any additional requirements for the safeguarding beyond that specified under the CUI Framework shall be appropriately registered in the CUI Registry. Any regulatory marking shall follow the CUI marking, and a specified dissemination instruction shall articulate any additional regulatory requirements.
一般规定
(30) This memorandum:
一个。shall be implemented in a manner consistent with applicable law, including Federal laws protecting the information privacy rights and other legal rights of Americans, and subject to the availability of appropriations;
湾应与有关部门和机构各自的部门或机构负责人的主要人员的法定权力相一致的方式实施;
C。shall not be construed to impair or otherwise affect the functions of the Director of the Office of Management and Budget relating to budget, administrative, and legislative proposals; and
d。is intended only to improve the internal management of the Federal Government and is not intended to, and does not, create any rights or benefits, substantive or procedural, enforceable at law or in equity by a party against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person.
布什