For Government Agencies and Federal Contractors
32 CFR Part 2002, Controlled Unclassified Information (CUI), became effective November 14, 2016 and standardizes safeguarding and sharing practices of “Sensitive Information”. CUI policy is designed to complement all NIST & FIPS Standards, and requires establishing a program that implements “an open and uniform program for managing information that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Government-wide policies”.
“Day-0”, or the effective date, is November 14, 2016. Agencies must be at an Initial Operating Capability (IOC) by November 14, 2017 to be compliant. Agencies must be at an Full Operating Capability (FOC) by November 14, 2019 to be compliant.
Compliance requires developing a program that consists of:
- Agency-Level Policy and Guidance
- Training for Affected Agency Personnel
- Information Systems (Automated & Non-Automated)
- Agency (Self) Inspection Program and Quality Management
For government contractors, the ruling applies equally to information systems used or operated by an agency, or by a contractor of an agency or other organization on behalf of an agency
Building upon our experience with other federal sensitive information programs such as 42 CFR Part 2 (healthcare privacy protection of sensitive information), our information engineers, analysts, security engineers, and architects can help design and implement a 32 CFR Part 2002 CUI Program that satisfies IOC and FOC capabilities using our “Quick Start” approach and toolset.
Additionally, our patented Security Labeling Service (SLS) represents a powerful technology that allows you to plan and implement information marking that conforms to 32 CFR Part 2002 and interfaces with existing commercial access control and authorization control systems to fully implement safeguards and controls for CUI operational capability.
For more information about how our expertise and technologies can help, please contact us.