DoD: Systems and assets, whether physical or virtual, so vital the incapacity or destruction of such may have a debilitating impact on the security, economy, public health or safety, environment, or any combination of these matters, across any Federal, State, regional, territorial, or local jurisdiction. Possession of system types (vendor, model/serial #, year, etc.) allows for malicious actors to narrow attack vectors to systems that support the Defense Critical Infrastructure potentially causing degradation or mission failure. DCI comprises Defense Critical Assets and Task Critical Assets.

This is not a CUI category 

Ammonium Nitrate 

Related to registration information of those who own and operate ammonium nitrate facilities, purchasers of ammonium nitrate, and the regulation of sales and transfers of ammonium nitrate.

Specified

Chemical-terrorism Vulnerability Information

In accordance with Section 550(c) of the Department of Homeland Security Appropriations Act of 2007, the following information, whether transmitted verbally, electronically, or in written form, shall constitute CVI, see (1) - (9).

Basic // Specified

Emergency Management

Related to information concerning the continuity of executive branch operations during all-hazards emergencies or other situations that may disrupt normal operations. // DoD applies this to Continuity of Operations Planning (COOP) and Mission Assurance.

Basic  

General Critical Infrastructure Information

Systems and assets, whether physical or virtual, so vital that the incapacity or destruction of such may have a debilitating impact on the security, economy, public health or safety, environment, or any combination of these matters, across any Federal, State, regional, territorial, or local jurisdiction.

Basic

Geodetic Product Information 

Related to imagery, imagery intelligence, or geospatial information.

Basic  

Physical Security

Related to protection of federal buildings, grounds or property.

Basic // Specified

Protected Critical Infrastructure Information

As defined by 6 USC 131-134, and 6 CFR 29, PCII relates to threats, vulnerabilities, or operational experience related to the national infrastructure. PCII offers protection to private sector infrastructure information voluntarily shared with government entities for purposes of homeland security. // Possession of system types (vendor, model/serial #, year, etc.) allows for malicious actors to narrow attack vectors to systems that support the Defense Critical Infrastructure potentially causing degradation or mission failure. DCI comprises Defense Critical Assets and Task Critical Assets.

Specified

SAFETY Act Information

Defined as “SAFETY Act Confidential Information” in 6 CFR Part 25, the regulations implementing the Support Anti-terrorism by Fostering Effective Technologies Act of 2002, SAFETY Act Information includes any and all information and data voluntarily submitted to the Department of Homeland Security under this part (including Applications, Pre-Applications, other forms, supporting documents and other materials relating to any of the foregoing, and responses to requests for additional information), including, but not limited to, inventions, devices, Technology, know-how, designs, copyrighted information, trade secrets, confidential business information, analyses, test and evaluation results, manuals, videotapes, contracts, letters, facsimile transmissions, electronic mail and other correspondence, financial information and projections, actuarial calculations, liability estimates, insurance quotations, and business and marketing plans.

Basic

Water Assessments

Vulnerability Assessments on the risks and security of public drinking water systems, to include, but not be limited to, a review of pipes and constructed conveyances, physical barriers, water collection, pretreatment, treatment, storage and distribution facilities, electronic, computer or other automated systems which are utilized by the public water system, the use, storage, or handling of various chemicals, and the operation and maintenance of such system.

Basic

This is not a CUI category 

Controlled Technical Information

Controlled Technical Information means technical information with military or space application subject to controls on the access, use, reproduction, modification, performance, display, release, disclosure, or dissemination. Controlled technical information is to be marked with one of the distribution statements B through F, in accordance with Department of Defense Instruction 5230.24, "Distribution Statements of Technical Documents." The term does not include information that is lawfully publicly available without restrictions. "Technical Information" means technical data, technology, software, or computer software, including technology and software subject to the Export Administration Regulations (EAR), technical data subject to the International Traffic in Arms Regulations (ITAR), and technical information in Defense Federal Acquisition Regulation Supplement clause 252.227-7013, "Rights in Technical Data - Noncommercial Items" (48 CFR 252.227-7013). Examples of technical information include research and engineering data, engineering drawings, and associated lists, specifications, standards, process sheets, manuals, technical reports, technical orders, catalog-item identifications, data sets, studies and analyses and related information, and computer software executable code and source code.

Basic // Specified

Naval Nuclear Propulsion Information 

 Related to the safety of reactors and associated naval nuclear propulsion plants, and control of radiation and radioactivity associated with naval nuclear propulsion activities, including prescribing and enforcing standards and regulations for these areas as they affect the environment and the safety and health of workers, operators, and the general public.

Basic // Specified

Unclassified Controlled Nuclear Information - Defense

 Relating to Department of Defense special nuclear material (SNM), equipment, and facilities, as defined by 32 CFR 223.

Basic // Specified

DoD primarily uses Export Control as a dissemination/distribution control rather than a category.

This is not a CUI category

Export Controlled Research

Related to the systematic investigation into and study of materials and sources in order to establish facts and reach new conclusions.

Basic

This is not a CUI category

Bank Secrecy

Information that is provided to the government pursuant to the Bank Secrecy Act, including but not limited to, suspicious activity reports (SAR), currency transaction reports (CTR), reports of international transportation of currency or monetary instruments (CMIR), reports of cash payment over $10,000 received in trade or business, and reports of foreign bank and financial accounts (FBAR). Reports filed under the Bank Secrecy Act (BSA), codified in relevant part at 31 U.S.C. § 5311 et seq, are specifically exempt from disclosure under the Freedom of Information Act, codified at 5 U.S.C. § 552, and also may not be disclosed under any State, local, tribal, or territorial “freedom of information,” “open government,” or similar law. See 31 U.S.C. § 5319; 5 U.S.C. § 552(b)(3). These reports (BSA Reports), are maintained in a system of records containing information compiled for law enforcement investigative purposes that has been exempted from the access provisions of the Privacy Act in accordance with 5 U.S.C. §§ 552a(j)(2) and (k)(2). BSA Reports may only be re-disseminated in strict accordance with guidelines established by the Financial Crimes Enforcement Network (FinCEN), the Treasury bureau that administers the BSA. Suspicious Activity Reports, one of the types of required reports filed under the BSA, are required to be kept confidential in accordance with 31 U.S.C. § 5318(g)(2) and implementing regulations. To the extent information falling under the purview of the BSA is collected, accessed, or used for any Federal tax administration purpose, it is also subject to the confidentiality provisions of the Internal Revenue Code, codified at 26 U.S.C. § 6103.

Basic // Specified

Comptroller General

Concerning the Officer of the United States Government who is charged with duties relating to fiscal affairs, including auditing, examining accounts, and reporting the financial status of the United States Government.

Basic // Specified

Consumer Complaint Information

Related to information concerning consumer complaints or inquiries concerning financial institutions or consumer financial products and services, and responses to them.

Specified

Electronic Funds Transfer

Relating to the computer-based systems used to perform financial transactions electronically.

Basic  

Financial Supervision Information

Related to information connected to an agency's responsibilities to supervise, examine, and evaluate a financial institution.

Basic

General Financial Information

Related to the duties, transactions, or otherwise falling under the purview of financial institutions or United States Government fiscal functions. Uses may include, but are not limited to, customer information held by a financial institution.

Basic // Specified

International Financial Institutions

Relating to entities that provide financial services for its clients or members, and were established (or chartered) by more than one country, and hence are subjects of international law.

Basic

Net Worth

Related to the net worth of an individual and/or their affiliates in certain administrative proceedings.

Specified

Retirement

Related to post-employment funding provided by an employer.

Basic

This is not a CUI category

Battered Spouse or Child

Related to information within applications and associated hearings provided by, or that could identify, a battered spouse or child of a US citizen or US permanent resident seeking independent protected status within the United States.

Basic

Permanent Resident Status

Related to applications and associated hearings to grant permanent residency to foreign nationals living in the United States.

Basic

Status Adjustment

Related to applications for the adjustment of immigration status.

Basic

Victims of Human Trafficking

Related to identifiable information of persons who have been victims of human trafficking and their family members.

Basic

Visas

Related to applications or permits to enter the United States.

Basic

This is not a CUI category

Foreign Intelligence Surveillance Act

 Related to unclassified and declassified information that is collected from unconsenting individuals under the authority of the Foreign Intelligence Surveillance Act (FISA).

Specified

Foreign Intelligence Surveillance Act Business Records

Related to books, records, papers, documents, and other items produced for an investigation to obtain foreign intelligence information.

Specified

General Intelligence

Related to intelligence activities, sources, or methods.

Basic // Specified

Intelligence Financial Records

Related to financial records obtained for intelligence or counterintelligence activity, investigation, or analysis.

Specified

Internal Data

Refers to a category of information that is not intended to be disseminated beyond CIA channels that involves intelligence activities, sources, or methods. This information may also relate to the CIA's organization, functions, names, official titles, salaries, or numbers of personnel.

Basic // Specified

This is not a CUI category

This is not a CUI category

Accident Investigation

Related to information obtained during the course of an accident or incident investigation. Including but not limited to information related to wreckage, records, mail, or cargo. 

Specified

Campaign Funds

Related to information obtained in connection to an investigation into campaign finance and disclosure laws. Usage may include but is not limited to notification or investigation pertaining to financial support of a candidate for election.

Specified

Communications

Related to the contents of any wire, oral, or electronic communication.

Basic

Controlled Substances

Information obtained by the Drug Enforcement Administration (DEA) or in DEA investigative reports related to controlled substances.

Specified

Criminal History Records Information

Related to information collected by criminal justice agencies on individuals consisting of identifiable descriptions and notations of arrests, detentions, indictments, information, or other formal criminal charges, and any disposition arising therefrom, including acquittal, sentencing, correctional supervision, and release.

Specified

General Law Enforcement

Related to techniques and procedures for law enforcement operations, investigations, prosecutions, or enforcement actions.

Basic

Informant

Related to the identity of a human source.

Basic // Specified

Investigation

Related to information obtained during the course of a law enforcement investigation or action, civil or criminal.

Basic // Specified

Law Enforcement Financial Records

Related to financial records obtained for law enforcement purposes.

Specified

National Security Letter

Related to administrative orders sent to compel the recipients of the letters to provide information to federal investigators.

Basic

Pen Register/Trap & Trace

Related to devices used to identify incoming and outgoing telephone numbers.

Basic

Sex Crime Victim

Related to the identity of a victim of a sex offense.

Basic

Terrorist Screening

Related to information gathering and analysis concerning possible threats or acts of a destructive nature.

Basic

Whistleblower Identity

Identity of anyone providing information relating to a legal violation or illicit or unsafe activity, including information provided by a whistleblower which could reasonably be expected to reveal the identity of a whistleblower.

Basic // Specified

Administrative Proceedings

Adjudication of agency-related matters including, but not limited to, dispute resolution, settlements, and issuances of orders.

Basic // Specified

Child Pornography

From 18 USC 2256(8) "child pornography" means any visual depiction, including any photograph, film, video, picture, or computer or computer-generated image or picture, whether made or produced by electronic, mechanical, or other means, of sexually explicit conduct, where— (A) the production of such visual depiction involves the use of a minor engaging in sexually explicit conduct; (B) such visual depiction is a digital image, computer image, or computer-generated image that is, or is indistinguishable from, that of a minor engaging in sexually explicit conduct; or (C) such visual depiction has been created, adapted, or modified to appear that an identifiable minor is engaging in sexually explicit conduct

Specified

Child Victim/Witness

Information pertaining to a minor who was a victim, witness, or potential witness to a criminal act.

Basic  

Federal Grand Jury

Material obtained pursuant to a federal grand jury subpoena, which includes (1) any reference to a specific sitting grand jury; (2) any documentation or data obtained by a grand jury subpoena if disclosure of such material tends to reveal what transpired before or at the direction of the federal grand jury; (3) documentation prepared specifically for the federal grand jury; and (4) transcripts or other recordings of testimony presented to the federal grand jury.

Basic // Specified

Legal Privilege

Per 12 USC 78x: The term "privilege" includes any work-product privilege, attorney-client privilege, governmental privilege, or other privilege recognized under Federal, State, or foreign law. Per 502(g): (1) "attorney-client privilege" means the protection that applicable law provides for confidential attorney-client communications; and (2) "work-product protection" means the protection that applicable law provides for tangible material (or its intangible equivalent) prepared in anticipation of litigation or for trial.

Basic

Legislative Materials

Data related to Congress’s legislative, investigatory or oversight responsibilities of the Executive branch of the Federal government. This includes data related to proposed or pending legislation as well as inquiries submitted by Congress to Federal agencies, agency responses to those inquiries and any other information which, if disclosed, would reveal the nature and scope of Congressional inquiries.

Basic  

Prior Arrest

Information related to previous instances of law enforcement official's apprehension and formal processing of a suspect.

Basic 

Protective Order

Stipulation that certain information that would normally fall under discovery rules will not be disclosed for specifically stated reason.

Basic // Specified

Victim

Information requiring protection of the name or other details that may identify one who was the victim of a crime.

Basic  

This is not a CUI category

Archaeological Resources

Related to information about the nature and location of any archaeological resource for which the excavation or removal requires a permit or other permission.

Specified

Historic Properties

Related to the location, character, or ownership of historic property.

Specified

This is not a CUI category

NATO Restricted

Per the United States Security Authority for NATO, Instruction 1-07, information classified as ""NATO Restricted"", the fourth level of classification under the North Atlantic Treaty, requires safeguards and protection from public release and disclosure. This category does not apply to information classified NATO Confidential, NATO SECRET or NATO COSMIC TOP SECRET.

Specified

NATO Unclassified

Per the United States Security Authority for NATO, Instruction 1-07, this is information classified as "NATO Unclassified", which may only be used for official NATO purposes and may carry administrative or dissemination limitation markings.

Specified

General Nuclear

Application for patent filed under 35 U.S.C. 111(a) that includes all types of patent applications (i.e., utility, design, plant, and reissue) except provisional applications. The nonprovisional application establishes the filing date and initiates the examination process. A nonprovisional utility patent application must include a specification, including a claim or claims; drawings, when necessary; an oath or declaration; and the prescribed filing fee.

Basic // Specified

Nuclear Recommendation Material

Related to recommendations to the Secretary of Energy with respect to Department of Energy defense nuclear facilities as determined necessary to ensure adequate protection of public health and safety.

Basic

Nuclear Security-Related Information

Related to information that could be useful, or could reasonably be expected to be useful, to a terrorist in a potential attack that does not qualify as Safeguards or classified information, including the exact location and quantities of radioactive material, certain detailed design drawings, information on nearby facilities, emergency planning information, and certain assessments of vulnerability and safety analyses.

Basic // Specified

Unclassified Controlled Nuclear Information - Energy

Relating to certain design and security information concerning nuclear facilities, materials, and weapons, specific to the Department of Energy.

Basic // Specified

This is not a CUI category

Patent Applications

Application for patent filed under 35 U.S.C. 111(a) that includes all types of patent applications (i.e., utility, design, plant, and reissue) except provisional applications. The nonprovisional application establishes the filing date and initiates the examination process. A nonprovisional utility patent application must include a specification, including a claim or claims; drawings, when necessary; an oath or declaration; and the prescribed filing fee.

Basic // Specified

Secrecy Orders

An order by the Commissioner of Patents that an invention be kept secret and to withhold the publication of an application or the grant of a patent due to national security concerns.

Basic

This is not a CUI category

Contract Use

Stipulations for a contractor to meet before material may be used in performance of certain contracts.

Specified

General Privacy

Refers to personal information, or, in some cases, "personally identifiable information," as defined in OMB M-17-12, or "means of identification" as defined in 18 USC 1028(d)(7).

Basic // Specified

Genetic Information

The term "genetic information" means, with respect to any individual, information about-- (i) such individual's genetic tests, (ii) the genetic tests of family members of such individual, and (iii) the manifestation of a disease or disorder in family members of such individual.

Basic // Specified

Health Information

As per 42 USC 1320d(4), "health information" means any information, whether oral or recorded in any form or medium, that (A) is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and (B) relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual.

Basic // Specified

Military Personnel Records

Any member or former member of the armed forces or affiliated organization of the Department of Defense.

Basic

Student Records

 As per 20 USC 1232g, the Family Educational Rights and Privacy Act of 1974, an education record which is comprised of those records which are directly related to a student.

Basic // Specified

This is not a CUI category

Small Business Research and Technology

Relating to certain "Small Business Innovation Research Program" and "Small Business Technology Transfer Program" information in a government database, as referenced in 15 USC 638(k)(2).

Specified

Source Selection

Per FAR 2.101: any of the following information that is prepared for use by an agency for the purpose of evaluating a bid or proposal to enter into an agency procurement contract, if that information has not been previously made available to the public or disclosed publicly: (Items 1-10).

Basic // Specified

This is not a CUI category

Ocean Common Carrier and Marine Terminal Operator Agreements

Relating to agreements between or among ocean common carriers and marine terminal operators as referenced in 46 USC 40301 and 40306.

Basic 

Ocean Common Carrier Service Contracts

Relating to an agreement for the provision of services filed with the Federal Maritime Commission as referenced in 46 USC 40502(b), 46 CFR 530.4, and/or 46 CFR 531.4(a).

Basic

Proprietary  Manufacturer

Relating to the production of a consumer product to include that of a private labeler.

Specified

System for Award Management

Relating to the primary United States Government system for contractor registration and awards.

Basic 

This is not a CUI category

Homeland Security Agreement Information

 Information DHS receives and is required to protect pursuant to an agreement with state, local, tribal, territorial, and private sector partners. DHS receives this information in furtherance of the missions of the Department, including but not limited to, support of the Fusion Center Initiative and activities for cyber information sharing consistent with the Cybersecurity Information Security Act.

Basic

Information Systems Vulnerability Information - Homeland

"a. DHS information technology internal systems data revealing infrastructure used for servers, desktops, and networks; applications name, version and release; switching, router, and gateway information; interconnections and access methods; mission or business use/need. Examples of information are systems inventories and enterprise architecture models. Information pertaining to national security systems and eligible for classification under Executive Order 13526, will be classified as appropriate.

b. Information regarding developing or current technology, the release of which could hinder the objectives of DHS, compromise a technological advantage or countermeasure, cause a denial of service, or provide an adversary with sufficient information to close, counterfeit, or circumvent a process or system. "

Basic 

International Agreement Information - Homeland

Information DHS receives and is required to protect pursuant to an information sharing agreement or arrangement with a foreign government, an international organization of governments or any element thereof, an international or foreign public or judicial body, or an international or foreign private or non-governmental organization.

Basic

Operations Security Information

Unclassified information that could constitute an indicator of U.S. Government intentions, capabilities, operations, or activities or otherwise threaten/compromise operations security. 

Basic

Physical Security - Homeland

Assessments or reports illustrating or disclosing facility infrastructure or security vulnerabilities related to the protection of federal buildings, grounds, or property, such as threat assessments, system security plans, contingency plans, risk management plans, business impact analysis studies, and certification and accreditation documentation. 

Basic 

Privacy Information

Information referred to as Personally Identifiable Information (PII). PII embodies information that can be used to distinguish or trace an individual's identity, either alone or when combined with other information that is linked or linkable to a specific individual. 

Basic

Sensitive Personally Identifiable Information

"A subset of PII that, if lost, compromised or disclosed without authorization could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual. Some forms of PII are sensitive as stand-alone elements.

a. Examples of stand-alone PII include: Social Security Numbers (SSN), driver's license or state identification number; Alien Registration Numbers; financial account number; and biometric identifiers such as fingerprint, voiceprint, or iris scan.

b. Additional examples of SPII include any groupings of information that contain an individual's name or other unique identifier plus one or more of the following elements:

1) Truncated SSN (such as last four digits)

2) Date of birth (month, day, and year)

3) Citizenship or immigration status

4) Ethnic or religious affiliation

5) Sexual orientation

6) Criminal history

7) Medical information

8) System authentication information such as mother's maiden name, account passwords, or personal identification numbers.

c. Other PII may be ""sensitive"" depending on its context, such in as a list of employees and their performance rating(s) or an unlisted home address or phone number. In contrast, a business card or public telephone directory of agency employees contains PII, but is not sensitive. "

Basic

Investment Survey

Information reported to Treasury, the Federal Reserve Board of Governors, or the Federal Reserve Banks as part of the Treasury International Capital (TIC) data reporting system.

Basic 

Pesticide Producer Survey

Related to the data gathered regarding the production of pesticides that specifies the non-disclosure of the identity and location of individual producers.

Basic

Statistical Information

Refers to information collected by a Federal statistical agency, unit, or program for statistical purposes or used for statistical activities; under law, regulation, or Government-wide policy such 'Statistical' CUI requires: (1) protection from unauthorized disclosure; (2) special handling safeguards; and/or (3) prescribed limits on access or dissemination.y employees contains PII, but is not sensitive. 

Basic // Specified

This is not a CUI category

Federal Taxpayer Information

Related to returns and return information which are submitted, gathered or generated in conjunction with taxpayers’ responsibilities to comply with federal tax provisions in the United States Code. “Returns” includes information that is provided to the government pursuant to Title 26, including tax or information returns, declarations of estimated tax or claims for refund. “Return information” includes a taxpayer’s identity, the nature, source or amount of income or any information received by, recorded by, prepared by or furnished to Internal Revenue Service relevant to the determination of tax liability including whether the taxpayer is the subject of investigation. This protection extends to such items as medical, financial and other personal information submitted to the IRS by taxpayers. Standards (typically tolerances, audit criteria and law enforcement techniques) related to the selection of returns for examination should only be disclosed to the extent their disclosure would not impair assessment, collection or enforcement under the internal revenue laws. Tax data originating with the IRS generally retains its confidential status even when it resides with agencies other than the IRS.

Specified

Tax Convention

Related to any--(A) agreement entered into with the competent authority of one or more foreign governments pursuant to a tax convention, (B) application for relief under a tax convention, (C) background information related to such agreement or application, (D) document implementing such agreement, and (E) other information exchanged pursuant to a tax convention which is treated as confidential or secret under the tax convention. Tax convention information originating with the IRS generally retains its confidential status even when it resides with agencies other than the IRS.

Basic

Written Determinations

Rulings, determination letters, technical advice memoranda or Chief Counsel Advice, as those terms are defined in Treasury Regulation 301.6110-2, which are made available for public inspection subject to the withholding of certain types of data as enumerated in Treasury Regulation 301-6110.

Specified

This is not a CUI category

Railroad Safety Analysis Records

Related to the establishment, implementation, or modification of a railroad safety risk reduction program or pilot program, if the record is: (1) Supplied to the Secretary (of Transportation) pursuant to that safety risk reduction program or pilot program; or (2) made available for inspection and copying by an officer, employee, or agent of the Secretary pursuant to that safety risk reduction program or pilot program.

Basic

Security Classification & Declassification Guides

This Defense CUI type addresses the information related to identification, safeguarding, dissemination, and decontrol requirements covered in the security classification guides (SCG) through its classification and declassification determination processes. It provides the necessary protection measures and particular levels of security classification for the DoD Components to protect and control CUI identified in the SCGs, including information on known capabilities, limitations, and vulnerabilities, limited dissemination controls, and decontrol measures, and procedures to ensure DoD’s enhanced capabilities and superiority within the warfighter realm. General or some specific processes applied, system/network monitoring techniques, DoD specific materials or equipment, and the overarching CUI procedures used in the development, maintenance, or upgrading of DoD resources, supplies, and apparatuses. This type of information is subject to export control regulations.

Basic

Agricultural & Health Operations

Information related to the agricultural operation, farming or conservation practices, or the actual land of an agricultural producer or landowner. Additionally, information about nutritional requirements, immmunizations, vaccines, service providers/suppliers, veternary services, MRE information, & others.

Basic

Combined Military Operations, Planning, and Readiness 

This Defense CUI type addresses the information related to policies and procedures necessary to the organization, training, and employment of military, paramilitary, or irregular forces within the information operations realm to include: Joint Operations, Coalition Operations, and other related areas. It includes non-specific technical data and procedures necessary to conduct individual and organization level activities supporting these types of missions and functions. General or some specific methodologies and techniques used, overarching strategy and doctrine, and the principal procedures used by commands for force deployments. Example 1: Agreements with host-nation hospitals or medical centers to ensure members of the Armed Forces and covered beneficiaries have access, within a reasonable distance, to quality healthcare, including case management and translation services. Data about installations located within a territory under the jurisdiction of, or of a direct concern to, a recipient foreign government or international organization, and information contained in unclassified training manuals and most joint publications.This information is subject to export control regulations.

Basic

CyberSecurity // Defense Information and Systems Vulnerability Information

This Defense CUI type addresses the information related to tactics, techniques, and tactical necessary to protect (secure and defend) the DoD information network and systems. It includes only non-specific technical data, the specific documents used in conducting assessments and inspections of systems and networks (Command Cyber Readiness Inspections – CCRIs; Network Scans; CMMC; etc.), training techniques, and tactical procedures necessary to operate and maintain individual and networks, systems, and supporting software. General or some specific methodologies, system/network monitoring techniques, and the overarching procedures used in assessment and certification of cyber components contained in unclassified training manuals and joint publications, and authorities assume there is export-controlled technical data/technology associated with this category. May also include incident handling procedures, information relating to cyber security incidents, etc. 

Basic

Defense Critical Infrastructure and Mission Assurance Security Information

This Defense CUI type would include information, if disclosed, would reveal vulnerabilities in the DoD critical infrastructure and mission assurance security posture and practices, if exploited, would likely result in the significant disruption, decontrolling, or damage of or to DoD operations, property, or facilities. Information regarding the securing and safeguarding of explosives, hazardous chemicals, or pipelines, related to critical infrastructure or protected systems owned or operated on behalf of the DoD. Some examples would include policies and practices related to COG, High Value personnel, and COOP.

Basic

DoD Mission Assurance Information (MA)

This Defense CUI type would include information, if disclosed, would reveal risk management strategies applied to DoD Mission Assurance posture and practices, if exploited, would likely result in the significant impact or damage to DoD operations or functions resulting in mission or function degradation or failure. Proposed response measures taken to mitigate or remediate vulnerability assessment findings and intelligence collected to include those prepared by or on behalf of the DoD and other site-specific or asset-specific information without direct disclosure of correlated missions or functions; (e.g. benchmarks used in assessment; the criteria applied during Command Cyber Readiness Inspections (CCRI); self-inspection forms; Joint Mission Assurance Assessments); NIST SP 800-171 Compliance Inspections and processes (e.g., CMMC). 

Basic

DoD National Security Review, Recommendation Information, and Other Department's CUI Related to: International Transfers, Export Control Violations, and Foreign Investments in the U.S. 

This Defense CUI relates to information generated during the Department's national security review of international transfers of emerging technologies, dual use, and military items (articles, information, and services), export control violations, and Committee on Foreign Investments in the U.S. (CFIUS) cases. Information generated through the Department's review of: 1) export license applications & other export authorization or advisory requests for dual use and munitions items, commodity jurisdictions, voluntary and involuntary disclosures; 2) international transfers (including, but not limited to transfers through security cooperation and assistance, defense institution building,research, development and production cooperation); 3) export controls; 4) assessments supporting law enforcement and prosecution of export control violations; 5) technology security, and disclosure policy reviews; and, 6) CFIUS cases. Such CUI includes Agency and Department deliberations and positions, information regarding: U.S. warfighter, foreign partner, individual company, or U.S. industrial base vulnerabilities; foreign and national security policy deliberations that could impact foreign partner relationships; export-controlled technology and technical data; and business competition-sensitive or business proprietary information. Export authorization requests and CFIUS case information are protected by statute.               

Basic

Enterprise Force Structure

This Defense CUI type addresses electronic or digitized or any other graphical hierarchical representation of DoD organizations, both military and civilian, to include points of contact data and information generated and shared from the organizational servers for DoD-wide integration and use. It must be in compliance with and documented in accordance with DoD governance. Composition of DoD organizations, both military and civilian, comprising and supporting U.S. defense forces as specified by the National Defense Authorization Acts of current and applicable previous years, and defines the organizational hierarchy through which leadership authorities are exercised. 

Basic

Geodetic Product Information   

Related to imagery, non-intelligence imagery, or other geospatial information.

Basic

Information Operations

This Defense CUI type addresses the information related to tactics, techniques, and tactical doctrine necessary to the organization, training, and employment of military, paramilitary, or irregular forces within the information operations realm to include: PSYOPS; MILDECEP; SPECWAR; Interrogation; Rules of Engagement; Cyberspace operations; Electronic Warfare; Military information support operations; OPSEC; Intelligence; Influence activities; and other related areas. It includes non-specific technical data, training techniques, and tactical procedures necessary to conduct individual and organization level activities supporting these types of missions and functions. General or some specific methodologies and techniques used, overarching strategy and doctrine, and the principal procedures used by commands contained in unclassified training manuals and joint publications and May include information operations in OCONUS MTFs. Example 1: Agreements with host-nation hospitals or medical centers to ensure that members of the Armed Forces and covered beneficiaries have access, within a reasonable distance, to quality healthcare, including case management and translation services. 

Basic

International Transfers and Foreign Investment 

This CUI category is information generated during the Department's development, negotiations, conclusion, and review of DoD, and other USG international agreements with one or more foreign governments or international organizations (including their agencies, instrumentalities, or political subdivisions). The concluded (signed) unclassified agreement itself is not CUI unless it contains Foreign Government Information that is requested by the originating authorities to remain protected, or is marked "RESTRICTED," and therefore not releasable to the public. This CUI category does not include information generated during implementation of the international agreement. Such information may be CUI described in other categories, for example, Foreign Government Information, or export-controlled technical data or technology. This CUI includes Department and other USG agency deliberations, positions, and recommendations, such as: vulnerabilities of U.S. warfighters, the USG, the foreign partners, individual companies, or the U.S. industrial base; foreign and national security policy deliberations that could impact foreign partner relationships; and export-controlled technology and technical data.  

Basic

Military Intelligence

This Defense CUI type relates to unclassified intelligence activities, sources, and methods used in gathering data and information of a military nature. Initial or general information gathered, raw data, and non-specific or processed intelligence collected related to military operations. Additionally, this applies to funding sources for intelligence or special activities.

Basic

Patent Applications with Secrecy Orders

This Defense CUI addresses information related to patent applications with Secrecy Orders. A Secrecy Order is an order by the Commissioner of Patents requiring an invention be kept secret and the application or grant of a patent be withheld from publication due to national security concerns. Unclassified patent applications might (in the case of DoD patent applications) or would (in the case of third party applications) be detrimental to national security if disclosed.  

Basic

Personnel Security Screening Requirements and Procedures 

This Defense CUI type relates to evaluating eligibility or screening individuals for national security or occupancy of a sensitive position. The DoD CAF relies on many databases when evaluating eligibility or screening individuals for national security or occupancy of a sensitive position. The CAF also adjudicates special populations requiring addition vetting. In addition to databases, the CAF also used independent medical evaluations to vet and screen personnel as warranted.  

Basic

Tactics, Techniques, Procedures, and Tactical Doctrine

This Defense CUI type contains the information related to tactics, techniques, and tactical doctrine necessary to the organization, training, and employment of military, paramilitary, or irregular forces from a general basis to include rules of engagement, interrogation methods, etc. It includes only non-specific technical data, training techniques, and tactical procedures necessary to operate and maintain individual and organizational items of military materials, armaments, vehicles, and munitions. Operational specific methodologies, sequencing of events, and strategy information contained in unclassified training manuals and most joint publications and subject to export control.

Basic