The Department of Defense CUI Registry
The DoD CUI Registry provides an official list of the Indexes and Categories used to
identify the various types of DoD CUI. The DoD CUI Registry mirrors the National CUI
Registry, but provides additional information on the relationships to DoD by aligning each Index
and Category to DoD issuances.
CUI Index | Category | Description | Basic or Specified |
---|---|---|---|
Critical Infrastructure | DoD: Systems and assets, whether physical or virtual, so vital the incapacity or destruction of such may have a debilitating impact on the security, economy, public health or safety, environment, or any combination of these matters, across any Federal, State, regional, territorial, or local jurisdiction. Possession of system types (vendor, model/serial #, year, etc.) allows for malicious actors to narrow attack vectors to systems that support the Defense Critical Infrastructure potentially causing degradation or mission failure. DCI comprises Defense Critical Assets and Task Critical Assets. | This is not a CUI category | |
Ammonium Nitrate | Related to registration information of those who own and operate ammonium nitrate facilities, purchasers of ammonium nitrate, and the regulation of sales and transfers of ammonium nitrate. | Specified | |
Chemical-terrorism Vulnerability Information | In accordance with Section 550(c) of the Department of Homeland Security Appropriations Act of 2007, the following information, whether transmitted verbally, electronically, or in written form, shall constitute CVI, see (1) - (9). | Basic // Specified |
Critical Energy Infrastructure Information | Critical energy infrastructure information means specific engineering, vulnerability, or detailed design information about proposed or existing critical infrastructure that: (i) Relates details about the production, generation, transportation, transmission, or distribution of energy; (ii) Could be useful to a person in planning an attack on critical infrastructure;... and (iii) Does not simply give the general location of the critical infrastructure. | Specified | |
Emergency Management | Related to information concerning the continuity of executive branch operations during all-hazards emergencies or other situations that may disrupt normal operations. // DoD applies this to Continuity of Operations Planning (COOP) and Mission Assurance. | Basic | |
General Critical Infrastructure Information | Systems and assets, whether physical or virtual, so vital that the incapacity or destruction of such may have a debilitating impact on the security, economy, public health or safety, environment, or any combination of these matters, across any Federal, State, regional, territorial, or local jurisdiction. | Basic | |
Geodetic Product Information
| Related to imagery, imagery intelligence, or geospatial information. | Basic |
Information Systems Vulnerability Information | Related to information that if not protected, could result in adverse effects to information systems. Information system means a discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information. | Basic | |
Physical Security | Related to protection of federal buildings, grounds or property. | Basic // Specified | |
Protected Critical Infrastructure Information | As defined by 6 USC 131-134, and 6 CFR 29, PCII relates to threats, vulnerabilities, or operational experience related to the national infrastructure. PCII offers protection to private sector infrastructure information voluntarily shared with government entities for purposes of homeland security. // Possession of system types (vendor, model/serial #, year, etc.) allows for malicious actors to narrow attack vectors to systems that support the Defense Critical Infrastructure potentially causing degradation or mission failure. DCI comprises Defense Critical Assets and Task Critical Assets. | Specified | |
SAFETY Act Information | Defined as “SAFETY Act Confidential Information” in 6 CFR Part 25, the regulations implementing the Support Anti-terrorism by Fostering Effective Technologies Act of 2002, SAFETY Act Information includes any and all information and data voluntarily submitted to the Department of Homeland Security under this part (including Applications, Pre-Applications, other forms, supporting documents and other materials relating to any of the foregoing, and responses to requests for additional information), including, but not limited to, inventions, devices, Technology, know-how, designs, copyrighted information, trade secrets, confidential business information, analyses, test and evaluation results, manuals, videotapes, contracts, letters, facsimile transmissions, electronic mail and other correspondence, financial information and projections, actuarial calculations, liability estimates, insurance quotations, and business and marketing plans. | Basic |
Toxic Substances | Health, safety, and exposure information related to chemical substances, chemical mixtures, and articles as defined under the Toxic Substances Control Act (TSCA). | Specified | |
Water Assessments | Vulnerability Assessments on the risks and security of public drinking water systems, to include, but not be limited to, a review of pipes and constructed conveyances, physical barriers, water collection, pretreatment, treatment, storage and distribution facilities, electronic, computer or other automated systems which are utilized by the public water system, the use, storage, or handling of various chemicals, and the operation and maintenance of such system. | Basic | |
Defense | This is not a CUI category | ||
Controlled Technical Information | Controlled Technical Information means technical information with military or space application subject to controls on the access, use, reproduction, modification, performance, display, release, disclosure, or dissemination. Controlled technical information is to be marked with one of the distribution statements B through F, in accordance with Department of Defense Instruction 5230.24, "Distribution Statements of Technical Documents." The term does not include information that is lawfully publicly available without restrictions. "Technical Information" means technical data, technology, software, or computer software, including technology and software subject to the Export Administration Regulations (EAR), technical data subject to the International Traffic in Arms Regulations (ITAR), and technical information in Defense Federal Acquisition Regulation Supplement clause 252.227-7013, "Rights in Technical Data - Noncommercial Items" (48 CFR 252.227-7013). Examples of technical information include research and engineering data, engineering drawings, and associated lists, specifications, standards, process sheets, manuals, technical reports, technical orders, catalog-item identifications, data sets, studies and analyses and related information, and computer software executable code and source code. | Basic // Specified |
DoD Critical Infrastructure Security Information | Information, if disclosed, would reveal vulnerabilities in the DoD critical infrastructure and, if exploited, would likely result in the significant disruption, destruction, or damage of or to DoD operations, property, or facilities, including information regarding the securing and safeguarding of explosives, hazardous chemicals, or pipelines, related to critical infrastructure or protected systems owned or operated on behalf of the DoD, including vulnerability assessments prepared by or on behalf of the DoD, explosives safety information (including storage and handling), and other site-specific information on or relating to installation security. | Basic | |
Naval Nuclear Propulsion Information | Related to the safety of reactors and associated naval nuclear propulsion plants, and control of radiation and radioactivity associated with naval nuclear propulsion activities, including prescribing and enforcing standards and regulations for these areas as they affect the environment and the safety and health of workers, operators, and the general public. | Basic // Specified | |
Unclassified Controlled Nuclear Information - Defense | Relating to Department of Defense special nuclear material (SNM), equipment, and facilities, as defined by 32 CFR 223. | Basic // Specified | |
Export Control | DoD primarily uses Export Control as a dissemination/distribution control rather than a category. | This is not a CUI category |
Export Controlled | Unclassified information concerning certain items, commodities, technology, software, or other information whose export could reasonably be expected to adversely affect the United States national security and nonproliferation objectives. To include dual use items; items identified in export administration regulations, international traffic in arms regulations and the munitions list; license applications; and sensitive nuclear technology information. | Basic // Specified | |
Export Controlled Research | Related to the systematic investigation into and study of materials and sources in order to establish facts and reach new conclusions. | Basic | |
Financial | This is not a CUI category | ||
Bank Secrecy | Information that is provided to the government pursuant to the Bank Secrecy Act, including but not limited to, suspicious activity reports (SAR), currency transaction reports (CTR), reports of international transportation of currency or monetary instruments (CMIR), reports of cash payment over $10,000 received in trade or business, and reports of foreign bank and financial accounts (FBAR). Reports filed under the Bank Secrecy Act (BSA), codified in relevant part at 31 U.S.C. § 5311 et seq, are specifically exempt from disclosure under the Freedom of Information Act, codified at 5 U.S.C. § 552, and also may not be disclosed under any State, local, tribal, or territorial “freedom of information,” “open government,” or similar law. See 31 U.S.C. § 5319; 5 U.S.C. § 552(b)(3). These reports (BSA Reports), are maintained in a system of records containing information compiled for law enforcement investigative purposes that has been exempted from the access provisions of the Privacy Act in accordance with 5 U.S.C. §§ 552a(j)(2) and (k)(2). BSA Reports may only be re-disseminated in strict accordance with guidelines established by the Financial Crimes Enforcement Network (FinCEN), the Treasury bureau that administers the BSA. Suspicious Activity Reports, one of the types of required reports filed under the BSA, are required to be kept confidential in accordance with 31 U.S.C. § 5318(g)(2) and implementing regulations. To the extent information falling under the purview of the BSA is collected, accessed, or used for any Federal tax administration purpose, it is also subject to the confidentiality provisions of the Internal Revenue Code, codified at 26 U.S.C. § 6103. | Basic // Specified |
Budget | Related to information concerning the federal budget, including authorizations and estimates of income and expenditures. | Specified | |
Comptroller General | Concerning the Officer of the United States Government who is charged with duties relating to fiscal affairs, including auditing, examining accounts, and reporting the financial status of the United States Government. | Basic // Specified | |
Consumer Complaint Information | Related to information concerning consumer complaints or inquiries concerning financial institutions or consumer financial products and services, and responses to them. | Specified | |
Electronic Funds Transfer | Relating to the computer-based systems used to perform financial transactions electronically. | Basic |
Federal Housing Finance Non-Public Information | Related to information that the Federal Housing Finance Agency (FHFA) has not made public that is created by, obtained by, or communicated to an FHFA employee in connection with the performance of official duties, regardless of who is in possession of the information, including confidential supervisory information. Confidential supervisory information includes FHFA reports of examination, inspection and visitation, confidential operating and condition reports, and any information derived from, related to, or contained in such reports, or gathered by FHFA in the course of any investigation, suspicious activity report, cease-and- desist order, civil money penalty enforcement order, suspension, removal or prohibition order, or other supervisory or enforcement orders or actions taken under the Federal Housing Enterprises Financial Safety and Soundness Act of 1992, and other conditions as set forth in 12 CFR Part 1214.1. | Basic | |
Financial Supervision Information | Related to information connected to an agency's responsibilities to supervise, examine, and evaluate a financial institution. | Basic | |
General Financial Information | Related to the duties, transactions, or otherwise falling under the purview of financial institutions or United States Government fiscal functions. Uses may include, but are not limited to, customer information held by a financial institution. | Basic // Specified | |
International Financial Institutions | Relating to entities that provide financial services for its clients or members, and were established (or chartered) by more than one country, and hence are subjects of international law. | Basic |
Mergers | Relating to methods by which corporations legally unify ownership of assets formerly subject to separate controls. | Basic | |
Net Worth | Related to the net worth of an individual and/or their affiliates in certain administrative proceedings. | Specified | |
Retirement | Related to post-employment funding provided by an employer. | Basic | |
Immigration | This is not a CUI category |
Asylee | Related to refugee applications and associated hearings to grant asylum to foreign nationals in the United States to be recognized as asylees. | Basic | |
Battered Spouse or Child | Related to information within applications and associated hearings provided by, or that could identify, a battered spouse or child of a US citizen or US permanent resident seeking independent protected status within the United States. | Basic | |
Permanent Resident Status | Related to applications and associated hearings to grant permanent residency to foreign nationals living in the United States. | Basic | |
Status Adjustment | Related to applications for the adjustment of immigration status. | Basic |
Temporary Protected Status | Related to findings that conditions in a given country pose a danger to personal safety due to ongoing armed conflict or an environmental disaster and persons should receive special temporary status to remain in the United States. | Basic | |
Victims of Human Trafficking | Related to identifiable information of persons who have been victims of human trafficking and their family members. | Basic | |
Visas | Related to applications or permits to enter the United States. | Basic | |
Intelligence | This is not a CUI category |
Agriculture | Information related to the agricultural operation, farming or conservation practices, or the actual land of an agricultural producer or landowner. | Specified | |
Foreign Intelligence Surveillance Act | Related to unclassified and declassified information that is collected from unconsenting individuals under the authority of the Foreign Intelligence Surveillance Act (FISA). | Specified | |
Foreign Intelligence Surveillance Act Business Records | Related to books, records, papers, documents, and other items produced for an investigation to obtain foreign intelligence information. | Specified | |
General Intelligence | Related to intelligence activities, sources, or methods. | Basic // Specified |
Geospatial Intelligence (GEOINT) | This type of CUI relates to special imagery, imagery intelligence, or geospatial intelligence information produced by or on behalf of the National Geospatial-Intelligence Agency (NGA). The NGA identifies a select group of sensitive, unclassified intelligence imagery or geospatial intelligence information and data created or distributed by NGA or information, data, and products derived from such information. | Basic // Specified | |
Intelligence Financial Records | Related to financial records obtained for intelligence or counterintelligence activity, investigation, or analysis. | Specified | |
Internal Data | Refers to a category of information that is not intended to be disseminated beyond CIA channels that involves intelligence activities, sources, or methods. This information may also relate to the CIA's organization, functions, names, official titles, salaries, or numbers of personnel. | Basic // Specified | |
International Agreements | This is not a CUI category |
International Agreement Information | Information provided by, otherwise made available by, or produced in cooperation with, a foreign government or international organization that requires protection pursuant to an existing treaty, agreement, bilateral exchange or other obligation under the requirements stipulated in 10 USC 130c(b), when not subject to classification under Executive Order 13526. Title 10 USC 130c(b) may exempt this class of foreign government information from the safeguard provisions otherwise required by Executive Order 13526. Per Title 10 USC 130c(h) the following national security officials are the only ones defined by statute as able to determine such information requires control: (A) The Secretary of Defense, with respect to information of concern to the Department of Defense. (B) The Secretary of Homeland Security, with respect to information of concern to the Coast Guard, as determined by the Secretary, but only while the Coast Guard is not operating as a service in the Navy. (C) The Secretary of Energy, with respect to information concerning the national security programs of the Department of Energy, as determined by the Secretary. | Specified | |
Law Enforcement | This is not a CUI category | ||
Accident Investigation | Related to information obtained during the course of an accident or incident investigation. Including but not limited to information related to wreckage, records, mail, or cargo. | Specified | |
Campaign Funds | Related to information obtained in connection to an investigation into campaign finance and disclosure laws. Usage may include but is not limited to notification or investigation pertaining to financial support of a candidate for election. | Specified |
Committed Person | Related to information concerning the mental condition of a person committed to a psychiatric facility. | Basic | |
Communications | Related to the contents of any wire, oral, or electronic communication. | Basic | |
Controlled Substances | Information obtained by the Drug Enforcement Administration (DEA) or in DEA investigative reports related to controlled substances. | Specified | |
Criminal History Records Information | Related to information collected by criminal justice agencies on individuals consisting of identifiable descriptions and notations of arrests, detentions, indictments, information, or other formal criminal charges, and any disposition arising therefrom, including acquittal, sentencing, correctional supervision, and release. | Specified |
DNA | Related to hereditary material in humans that is used for law enforcement purposes. | Specified | |
General Law Enforcement | Related to techniques and procedures for law enforcement operations, investigations, prosecutions, or enforcement actions. | Basic | |
Informant | Related to the identity of a human source. | Basic // Specified | |
Investigation | Related to information obtained during the course of a law enforcement investigation or action, civil or criminal. | Basic // Specified |
Juvenile | Related to the identity of individual juvenile youths. | Basic | |
Law Enforcement Financial Records | Related to financial records obtained for law enforcement purposes. | Specified | |
National Security Letter | Related to administrative orders sent to compel the recipients of the letters to provide information to federal investigators. | Basic | |
Pen Register/Trap & Trace | Related to devices used to identify incoming and outgoing telephone numbers. | Basic |
Reward | Related to the identity of a recipient of a reward. | Basic | |
Sex Crime Victim | Related to the identity of a victim of a sex offense. | Basic | |
Terrorist Screening | Related to information gathering and analysis concerning possible threats or acts of a destructive nature. | Basic | |
Whistleblower Identity | Identity of anyone providing information relating to a legal violation or illicit or unsafe activity, including information provided by a whistleblower which could reasonably be expected to reveal the identity of a whistleblower. | Basic // Specified |
Legal | This is not a CUI category | ||
---|---|---|---|
Administrative Proceedings | Adjudication of agency-related matters including, but not limited to, dispute resolution, settlements, and issuances of orders. | Basic // Specified | |
Child Pornography | From 18 USC 2256(8) "child pornography" means any visual depiction, including any photograph, film, video, picture, or computer or computer-generated image or picture, whether made or produced by electronic, mechanical, or other means, of sexually explicit conduct, where— (A) the production of such visual depiction involves the use of a minor engaging in sexually explicit conduct; (B) such visual depiction is a digital image, computer image, or computer-generated image that is, or is indistinguishable from, that of a minor engaging in sexually explicit conduct; or (C) such visual depiction has been created, adapted, or modified to appear that an identifiable minor is engaging in sexually explicit conduct | Specified | |
Child Victim/Witness | Information pertaining to a minor who was a victim, witness, or potential witness to a criminal act. | Basic |
Collective Bargaining | Defining agencies' and representatives' duty to negotiate in good faith to include disclosure of certain labor relations training and guidance materials and limiting the issuance of certain subpoenas. | Basic | |
Federal Grand Jury | Material obtained pursuant to a federal grand jury subpoena, which includes (1) any reference to a specific sitting grand jury; (2) any documentation or data obtained by a grand jury subpoena if disclosure of such material tends to reveal what transpired before or at the direction of the federal grand jury; (3) documentation prepared specifically for the federal grand jury; and (4) transcripts or other recordings of testimony presented to the federal grand jury. | Basic // Specified | |
Legal Privilege | Per 12 USC 78x: The term "privilege" includes any work-product privilege, attorney-client privilege, governmental privilege, or other privilege recognized under Federal, State, or foreign law. Per 502(g): (1) "attorney-client privilege" means the protection that applicable law provides for confidential attorney-client communications; and (2) "work-product protection" means the protection that applicable law provides for tangible material (or its intangible equivalent) prepared in anticipation of litigation or for trial. | Basic | |
Legislative Materials | Data related to Congress’s legislative, investigatory or oversight responsibilities of the Executive branch of the Federal government. This includes data related to proposed or pending legislation as well as inquiries submitted by Congress to Federal agencies, agency responses to those inquiries and any other information which, if disclosed, would reveal the nature and scope of Congressional inquiries. | Basic |
Presentence Report | A report, generally prepared to assist the court in determining the most appropriate sentence for a defendant. It can include an assessment of the nature and seriousness of the offense and should contain details summarizing the background information of the defendant and the crime. | Basic | |
Prior Arrest | Information related to previous instances of law enforcement official's apprehension and formal processing of a suspect. | Basic | |
Protective Order | Stipulation that certain information that would normally fall under discovery rules will not be disclosed for specifically stated reason. | Basic // Specified | |
Victim | Information requiring protection of the name or other details that may identify one who was the victim of a crime. | Basic |
Witness Protection | Information related to the secretive details associated with one who has testified or may testify under circumstances that require secrecy of that individual and details pertaining to that person. | Basic // Specified | |
Natural and Cultural Resources | This is not a CUI category | ||
Archaeological Resources | Related to information about the nature and location of any archaeological resource for which the excavation or removal requires a permit or other permission. | Specified | |
Historic Properties | Related to the location, character, or ownership of historic property. | Specified |
National Park System Resources | Related to information concerning the nature and specific location of a National Park System resource that is endangered, threatened, rare, or commercially valuable, of mineral or paleontological objects within System units, or of objects of cultural patrimony within System units. | Specified | |
North Atlantic Treaty Organization (NATO) | This is not a CUI category | ||
NATO Restricted | Per the United States Security Authority for NATO, Instruction 1-07, information classified as ""NATO Restricted"", the fourth level of classification under the North Atlantic Treaty, requires safeguards and protection from public release and disclosure. This category does not apply to information classified NATO Confidential, NATO SECRET or NATO COSMIC TOP SECRET. | Specified | |
NATO Unclassified | Per the United States Security Authority for NATO, Instruction 1-07, this is information classified as "NATO Unclassified", which may only be used for official NATO purposes and may carry administrative or dissemination limitation markings. | Specified |
Nuclear | This is not a CUI category | ||
---|---|---|---|
General Nuclear | Application for patent filed under 35 U.S.C. 111(a) that includes all types of patent applications (i.e., utility, design, plant, and reissue) except provisional applications. The nonprovisional application establishes the filing date and initiates the examination process. A nonprovisional utility patent application must include a specification, including a claim or claims; drawings, when necessary; an oath or declaration; and the prescribed filing fee. | Basic // Specified | |
Nuclear Recommendation Material | Related to recommendations to the Secretary of Energy with respect to Department of Energy defense nuclear facilities as determined necessary to ensure adequate protection of public health and safety. | Basic | |
Nuclear Security-Related Information | Related to information that could be useful, or could reasonably be expected to be useful, to a terrorist in a potential attack that does not qualify as Safeguards or classified information, including the exact location and quantities of radioactive material, certain detailed design drawings, information on nearby facilities, emergency planning information, and certain assessments of vulnerability and safety analyses. | Basic // Specified |
Safeguards Information | Pursuant to 42 USC 2011, et seq., and as defined in 10 CFR 73.2, SGI relates to security related information concerning the physical protection of source, byproduct or special nuclear material and the detailed security measures for facilities and information contained within security plans. | Specified | |
Unclassified Controlled Nuclear Information - Energy | Relating to certain design and security information concerning nuclear facilities, materials, and weapons, specific to the Department of Energy. | Basic // Specified | |
Patent | This is not a CUI category | ||
Patent Applications | Application for patent filed under 35 U.S.C. 111(a) that includes all types of patent applications (i.e., utility, design, plant, and reissue) except provisional applications. The nonprovisional application establishes the filing date and initiates the examination process. A nonprovisional utility patent application must include a specification, including a claim or claims; drawings, when necessary; an oath or declaration; and the prescribed filing fee. | Basic // Specified |
Inventions | An invention is any art or process (way of doing or making things), machine, manufacture, design, or composition of matter, or any new and useful improvement thereof, or any variety of plant, which is or may be patentable under the patent laws of the United States, in which the federal government owns or may own a right, title, or interest. | Basic | |
Secrecy Orders | An order by the Commissioner of Patents that an invention be kept secret and to withhold the publication of an application or the grant of a patent due to national security concerns. | Basic | |
Privacy | This is not a CUI category | ||
Contract Use | Stipulations for a contractor to meet before material may be used in performance of certain contracts. | Specified |
Death Records | Related to information contained within an official document issued by a public registry verifying that a person has died, with information such as the date and time of death, the cause of death, and the signature of the attending or examining physician. | Basic | |
General Privacy | Refers to personal information, or, in some cases, "personally identifiable information," as defined in OMB M-17-12, or "means of identification" as defined in 18 USC 1028(d)(7). | Basic // Specified | |
Genetic Information | The term "genetic information" means, with respect to any individual, information about-- (i) such individual's genetic tests, (ii) the genetic tests of family members of such individual, and (iii) the manifestation of a disease or disorder in family members of such individual. | Basic // Specified | |
Health Information | As per 42 USC 1320d(4), "health information" means any information, whether oral or recorded in any form or medium, that (A) is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and (B) relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual. | Basic // Specified |
Inspector General Protected | Related to the identity of a person making a report to the Inspector General of any Executive agency. | Basic // Specified | |
Military Personnel Records | Any member or former member of the armed forces or affiliated organization of the Department of Defense. | Basic | |
Student Records | As per 20 USC 1232g, the Family Educational Rights and Privacy Act of 1974, an education record which is comprised of those records which are directly related to a student. | Basic // Specified | |
Procurement and Acquisition | This is not a CUI category |
General Procurement and Acquisition | Material and information relating to, or associated with, the acquisition and procurement of goods and services, including but not limited to, cost or pricing data, contract information, indirect costs and direct labor rates. | Specified | |
Small Business Research and Technology | Relating to certain "Small Business Innovation Research Program" and "Small Business Technology Transfer Program" information in a government database, as referenced in 15 USC 638(k)(2). | Specified | |
Source Selection | Per FAR 2.101: any of the following information that is prepared for use by an agency for the purpose of evaluating a bid or proposal to enter into an agency procurement contract, if that information has not been previously made available to the public or disclosed publicly: (Items 1-10). | Basic // Specified | |
Proprietary Business Information | This is not a CUI category |
General Proprietary Business Information | Material and information relating to, or associated with, a company's products, business, or activities, including but not limited to financial information; data or statements; trade secrets; product research and development; existing and future product designs and performance specifications. | Basic // Specified | |
Ocean Common Carrier and Marine Terminal Operator Agreements | Relating to agreements between or among ocean common carriers and marine terminal operators as referenced in 46 USC 40301 and 40306. | Basic | |
Ocean Common Carrier Service Contracts | Relating to an agreement for the provision of services filed with the Federal Maritime Commission as referenced in 46 USC 40502(b), 46 CFR 530.4, and/or 46 CFR 531.4(a). | Basic | |
Proprietary Manufacturer | Relating to the production of a consumer product to include that of a private labeler. | Specified |
Proprietary Postal | Concerning or related to the course of business of the United States Postal Service. | Basic | |
System for Award Management | Relating to the primary United States Government system for contractor registration and awards. | Basic | |
Provisional - DHS | This is not a CUI category | ||
Homeland Security Agreement Information | Information DHS receives and is required to protect pursuant to an agreement with state, local, tribal, territorial, and private sector partners. DHS receives this information in furtherance of the missions of the Department, including but not limited to, support of the Fusion Center Initiative and activities for cyber information sharing consistent with the Cybersecurity Information Security Act. | Basic |
Homeland Security Enforcement Information | Unclassified information of a sensitive nature lawfully created, possessed, or transmitted by DHS in furtherance of its immigration, customs, and other civil and criminal enforcement missions, the unauthorized disclosure of which could adversely impact the mission of the Department. | Basic | |
Information Systems Vulnerability Information - Homeland | "a. DHS information technology internal systems data revealing infrastructure used for servers, desktops, and networks; applications name, version and release; switching, router, and gateway information; interconnections and access methods; mission or business use/need. Examples of information are systems inventories and enterprise architecture models. Information pertaining to national security systems and eligible for classification under Executive Order 13526, will be classified as appropriate. b. Information regarding developing or current technology, the release of which could hinder the objectives of DHS, compromise a technological advantage or countermeasure, cause a denial of service, or provide an adversary with sufficient information to close, counterfeit, or circumvent a process or system. " | Basic | |
International Agreement Information - Homeland | Information DHS receives and is required to protect pursuant to an information sharing agreement or arrangement with a foreign government, an international organization of governments or any element thereof, an international or foreign public or judicial body, or an international or foreign private or non-governmental organization. | Basic | |
Operations Security Information | Unclassified information that could constitute an indicator of U.S. Government intentions, capabilities, operations, or activities or otherwise threaten/compromise operations security. | Basic |
Personnel Security Information | Information that could result in physical risk to DHS personnel or other individuals that DHS is responsible for protecting. | Basic | |
Physical Security - Homeland | Assessments or reports illustrating or disclosing facility infrastructure or security vulnerabilities related to the protection of federal buildings, grounds, or property, such as threat assessments, system security plans, contingency plans, risk management plans, business impact analysis studies, and certification and accreditation documentation. | Basic | |
Privacy Information | Information referred to as Personally Identifiable Information (PII). PII embodies information that can be used to distinguish or trace an individual's identity, either alone or when combined with other information that is linked or linkable to a specific individual. | Basic | |
Sensitive Personally Identifiable Information | "A subset of PII that, if lost, compromised or disclosed without authorization could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual. Some forms of PII are sensitive as stand-alone elements. a. Examples of stand-alone PII include: Social Security Numbers (SSN), driver's license or state identification number; Alien Registration Numbers; financial account number; and biometric identifiers such as fingerprint, voiceprint, or iris scan. b. Additional examples of SPII include any groupings of information that contain an individual's name or other unique identifier plus one or more of the following elements: 1) Truncated SSN (such as last four digits) 2) Date of birth (month, day, and year) 3) Citizenship or immigration status 4) Ethnic or religious affiliation 5) Sexual orientation 6) Criminal history 7) Medical information 8) System authentication information such as mother's maiden name, account passwords, or personal identification numbers. c. Other PII may be ""sensitive"" depending on its context, such in as a list of employees and their performance rating(s) or an unlisted home address or phone number. In contrast, a business card or public telephone directory of agency employees contains PII, but is not sensitive. " | Basic |
Statistical | This is not a CUI category | ||
---|---|---|---|
Investment Survey | Information reported to Treasury, the Federal Reserve Board of Governors, or the Federal Reserve Banks as part of the Treasury International Capital (TIC) data reporting system. | Basic | |
Pesticide Producer Survey | Related to the data gathered regarding the production of pesticides that specifies the non-disclosure of the identity and location of individual producers. | Basic | |
Statistical Information | Refers to information collected by a Federal statistical agency, unit, or program for statistical purposes or used for statistical activities; under law, regulation, or Government-wide policy such 'Statistical' CUI requires: (1) protection from unauthorized disclosure; (2) special handling safeguards; and/or (3) prescribed limits on access or dissemination.y employees contains PII, but is not sensitive. | Basic // Specified |
US Census | Related to information gathered by the Bureau of the Census during the process of collecting, compiling, evaluating, analyzing of demographic, economic, and social data pertaining at a specified time to any or all persons in the United States and dissemination is limited to those with special sworn status, who may only use the data for statistical purposes and only for those statistical purposes for which the data was supplied. | Specified | |
Tax | This is not a CUI category | ||
Federal Taxpayer Information | Related to returns and return information which are submitted, gathered or generated in conjunction with taxpayers’ responsibilities to comply with federal tax provisions in the United States Code. “Returns” includes information that is provided to the government pursuant to Title 26, including tax or information returns, declarations of estimated tax or claims for refund. “Return information” includes a taxpayer’s identity, the nature, source or amount of income or any information received by, recorded by, prepared by or furnished to Internal Revenue Service relevant to the determination of tax liability including whether the taxpayer is the subject of investigation. This protection extends to such items as medical, financial and other personal information submitted to the IRS by taxpayers. Standards (typically tolerances, audit criteria and law enforcement techniques) related to the selection of returns for examination should only be disclosed to the extent their disclosure would not impair assessment, collection or enforcement under the internal revenue laws. Tax data originating with the IRS generally retains its confidential status even when it resides with agencies other than the IRS. | Specified | |
Tax Convention | Related to any--(A) agreement entered into with the competent authority of one or more foreign governments pursuant to a tax convention, (B) application for relief under a tax convention, (C) background information related to such agreement or application, (D) document implementing such agreement, and (E) other information exchanged pursuant to a tax convention which is treated as confidential or secret under the tax convention. Tax convention information originating with the IRS generally retains its confidential status even when it resides with agencies other than the IRS. | Basic |
Taxpayer Advocate Information | A local taxpayer advocate (LTA) has the discretion to not disclose to the IRS contact with, or information provided by, a taxpayer. Such discretion may result in declinations of requests for information by IRS personnel including cases involving criminal tax investigations or those where the failure to provide information to the IRS would be beneficial to the taxpayer but to the detriment of the IRS. Such discretion does not extend to cases where the LTA believes a taxpayer is using the Taxpayer Advocate’s office to perpetuate a fraud on the government or in cases where the information is sought in litigation. | Basic | |
Written Determinations | Rulings, determination letters, technical advice memoranda or Chief Counsel Advice, as those terms are defined in Treasury Regulation 301.6110-2, which are made available for public inspection subject to the withholding of certain types of data as enumerated in Treasury Regulation 301-6110. | Specified | |
Transportation | This is not a CUI category | ||
Railroad Safety Analysis Records | Related to the establishment, implementation, or modification of a railroad safety risk reduction program or pilot program, if the record is: (1) Supplied to the Secretary (of Transportation) pursuant to that safety risk reduction program or pilot program; or (2) made available for inspection and copying by an officer, employee, or agent of the Secretary pursuant to that safety risk reduction program or pilot program. | Basic |
Sensitive Security Information | As defined in 49 C.F.R. Part 15.5, Sensitive Security Information is information obtained or developed in the conduct of security activities, including research and development, the disclosure of which DOT has determined would constitute an unwarranted invasion of privacy, reveal trade secrets or privileged or confidential information, or be detrimental to transportation safety. As defined in 49 C.F.R. Part 1520.5, Sensitive Security Information is information obtained or developed in the conduct of security activities, including research and development, the disclosure of which DHS/TSA has determined would, among other things, be detrimental to the security of transportation. | Specified | |
Operation Security (OPSEC) *DoD Added* | |||
Security Classification & Declassification Guides | This Defense CUI type addresses the information related to identification, safeguarding, dissemination, and decontrol requirements covered in the security classification guides (SCG) through its classification and declassification determination processes. It provides the necessary protection measures and particular levels of security classification for the DoD Components to protect and control CUI identified in the SCGs, including information on known capabilities, limitations, and vulnerabilities, limited dissemination controls, and decontrol measures, and procedures to ensure DoD’s enhanced capabilities and superiority within the warfighter realm. General or some specific processes applied, system/network monitoring techniques, DoD specific materials or equipment, and the overarching CUI procedures used in the development, maintenance, or upgrading of DoD resources, supplies, and apparatuses. This type of information is subject to export control regulations. | Basic | |
Agricultural & Health Operations | Information related to the agricultural operation, farming or conservation practices, or the actual land of an agricultural producer or landowner. Additionally, information about nutritional requirements, immmunizations, vaccines, service providers/suppliers, veternary services, MRE information, & others. | Basic |
Applied Research & Development | This Defense CUI type consists of information resulting from the extension of fundamental theories, designs, and data from purely theoretical or experimental investigation into possible defense applications. This type of CUI moves concepts and ideas from the imagination into the realm of the possible. It includes the actual research, construction, and testing of prototypes and such design changes affecting qualitative performance as may be required during service life of the item. Engineering data, general operational requirements, various notional drawings, project and model concepts as well as the military features required to adopt the item for prototyping and production. The authorities establish export-controlled technical data/technology associated with this category. | Basic | |
Combined Military Operations, Planning, and Readiness | This Defense CUI type addresses the information related to policies and procedures necessary to the organization, training, and employment of military, paramilitary, or irregular forces within the information operations realm to include: Joint Operations, Coalition Operations, and other related areas. It includes non-specific technical data and procedures necessary to conduct individual and organization level activities supporting these types of missions and functions. General or some specific methodologies and techniques used, overarching strategy and doctrine, and the principal procedures used by commands for force deployments. Example 1: Agreements with host-nation hospitals or medical centers to ensure members of the Armed Forces and covered beneficiaries have access, within a reasonable distance, to quality healthcare, including case management and translation services. Data about installations located within a territory under the jurisdiction of, or of a direct concern to, a recipient foreign government or international organization, and information contained in unclassified training manuals and most joint publications.This information is subject to export control regulations. | Basic | |
CyberSecurity // Defense Information and Systems Vulnerability Information | This Defense CUI type addresses the information related to tactics, techniques, and tactical necessary to protect (secure and defend) the DoD information network and systems. It includes only non-specific technical data, the specific documents used in conducting assessments and inspections of systems and networks (Command Cyber Readiness Inspections – CCRIs; Network Scans; CMMC; etc.), training techniques, and tactical procedures necessary to operate and maintain individual and networks, systems, and supporting software. General or some specific methodologies, system/network monitoring techniques, and the overarching procedures used in assessment and certification of cyber components contained in unclassified training manuals and joint publications, and authorities assume there is export-controlled technical data/technology associated with this category. May also include incident handling procedures, information relating to cyber security incidents, etc. | Basic | |
Defense Critical Infrastructure and Mission Assurance Security Information | This Defense CUI type would include information, if disclosed, would reveal vulnerabilities in the DoD critical infrastructure and mission assurance security posture and practices, if exploited, would likely result in the significant disruption, decontrolling, or damage of or to DoD operations, property, or facilities. Information regarding the securing and safeguarding of explosives, hazardous chemicals, or pipelines, related to critical infrastructure or protected systems owned or operated on behalf of the DoD. Some examples would include policies and practices related to COG, High Value personnel, and COOP. | Basic |
DoD Critical Infrastructure Protection Program (DCIP) | This Defense CUI type would include information, if disclosed, would reveal threats, hazards, and known vulnerabilities within the DoD to assets, systems, and capabilities, if exploited, would likely have a significant impact resulting in a substantial degradation or failure of or to DoD operations and functions. Information gathered from open sources on threats, historical hazard data, publicly available imagery, etc. This also include names, locations, or other open source data or information related to defense critical assets - not directly linked to missions supported. | Basic | |
DoD Mission Assurance Information (MA) | This Defense CUI type would include information, if disclosed, would reveal risk management strategies applied to DoD Mission Assurance posture and practices, if exploited, would likely result in the significant impact or damage to DoD operations or functions resulting in mission or function degradation or failure. Proposed response measures taken to mitigate or remediate vulnerability assessment findings and intelligence collected to include those prepared by or on behalf of the DoD and other site-specific or asset-specific information without direct disclosure of correlated missions or functions; (e.g. benchmarks used in assessment; the criteria applied during Command Cyber Readiness Inspections (CCRI); self-inspection forms; Joint Mission Assurance Assessments); NIST SP 800-171 Compliance Inspections and processes (e.g., CMMC). | Basic | |
DoD National Security Review, Recommendation Information, and Other Department's CUI Related to: International Transfers, Export Control Violations, and Foreign Investments in the U.S. | This Defense CUI relates to information generated during the Department's national security review of international transfers of emerging technologies, dual use, and military items (articles, information, and services), export control violations, and Committee on Foreign Investments in the U.S. (CFIUS) cases. Information generated through the Department's review of: 1) export license applications & other export authorization or advisory requests for dual use and munitions items, commodity jurisdictions, voluntary and involuntary disclosures; 2) international transfers (including, but not limited to transfers through security cooperation and assistance, defense institution building,research, development and production cooperation); 3) export controls; 4) assessments supporting law enforcement and prosecution of export control violations; 5) technology security, and disclosure policy reviews; and, 6) CFIUS cases. Such CUI includes Agency and Department deliberations and positions, information regarding: U.S. warfighter, foreign partner, individual company, or U.S. industrial base vulnerabilities; foreign and national security policy deliberations that could impact foreign partner relationships; export-controlled technology and technical data; and business competition-sensitive or business proprietary information. Export authorization requests and CFIUS case information are protected by statute. | Basic | |
Enterprise Force Structure | This Defense CUI type addresses electronic or digitized or any other graphical hierarchical representation of DoD organizations, both military and civilian, to include points of contact data and information generated and shared from the organizational servers for DoD-wide integration and use. It must be in compliance with and documented in accordance with DoD governance. Composition of DoD organizations, both military and civilian, comprising and supporting U.S. defense forces as specified by the National Defense Authorization Acts of current and applicable previous years, and defines the organizational hierarchy through which leadership authorities are exercised. | Basic |
Foreign Humanitarian Assistance | This Defense CUI type would include information, if disclosed, would reveal threats, hazards, and known vulnerabilities within the DoD to assets, systems, and capabilities, if exploited, would likely have a significant impact resulting in a substantial degradation or failure of or to DoD operations and functions. Information gathered from open sources on threats, historical hazard data, publicly available imagery, etc. This also include names, locations, or other open source data or information related to defense critical assets - not directly linked to missions supported. | Basic | |
Geodetic Product Information | Related to imagery, non-intelligence imagery, or other geospatial information. | Basic | |
Information Operations | This Defense CUI type addresses the information related to tactics, techniques, and tactical doctrine necessary to the organization, training, and employment of military, paramilitary, or irregular forces within the information operations realm to include: PSYOPS; MILDECEP; SPECWAR; Interrogation; Rules of Engagement; Cyberspace operations; Electronic Warfare; Military information support operations; OPSEC; Intelligence; Influence activities; and other related areas. It includes non-specific technical data, training techniques, and tactical procedures necessary to conduct individual and organization level activities supporting these types of missions and functions. General or some specific methodologies and techniques used, overarching strategy and doctrine, and the principal procedures used by commands contained in unclassified training manuals and joint publications and May include information operations in OCONUS MTFs. Example 1: Agreements with host-nation hospitals or medical centers to ensure that members of the Armed Forces and covered beneficiaries have access, within a reasonable distance, to quality healthcare, including case management and translation services. | Basic | |
International Transfers and Foreign Investment | This CUI category is information generated during the Department's development, negotiations, conclusion, and review of DoD, and other USG international agreements with one or more foreign governments or international organizations (including their agencies, instrumentalities, or political subdivisions). The concluded (signed) unclassified agreement itself is not CUI unless it contains Foreign Government Information that is requested by the originating authorities to remain protected, or is marked "RESTRICTED," and therefore not releasable to the public. This CUI category does not include information generated during implementation of the international agreement. Such information may be CUI described in other categories, for example, Foreign Government Information, or export-controlled technical data or technology. This CUI includes Department and other USG agency deliberations, positions, and recommendations, such as: vulnerabilities of U.S. warfighters, the USG, the foreign partners, individual companies, or the U.S. industrial base; foreign and national security policy deliberations that could impact foreign partner relationships; and export-controlled technology and technical data. | Basic |
Materiel, Armaments, Vehicles, Equipment, & Munitions | This Defense CUI type covers the information related to unclassified specific numbers and types of defense materiel, armaments, vehicles, equipment, and munitions procured and controlled by the U.S. military for equipage, operation, maintenance, training, and support of its military forces or military, irregular, or paramilitary forces of its allies. Scientific, technical, or engineering data and training information necessary to operate, maintain, or support specific defense materiel, armaments, vehicles, equipment, or munitions. Numbers and types of items developed by U.S. private interests as a result of U.S Government contracts or derived from technology paid for by or under the control of the U.S. Government are included within this Defense CUI type. There is export-controlled technical data/technology associated with this category. | Basic | |
Military Intelligence | This Defense CUI type relates to unclassified intelligence activities, sources, and methods used in gathering data and information of a military nature. Initial or general information gathered, raw data, and non-specific or processed intelligence collected related to military operations. Additionally, this applies to funding sources for intelligence or special activities. | Basic | |
Patent Applications with Secrecy Orders | This Defense CUI addresses information related to patent applications with Secrecy Orders. A Secrecy Order is an order by the Commissioner of Patents requiring an invention be kept secret and the application or grant of a patent be withheld from publication due to national security concerns. Unclassified patent applications might (in the case of DoD patent applications) or would (in the case of third party applications) be detrimental to national security if disclosed. | Basic | |
Personnel Security Screening Requirements and Procedures | This Defense CUI type relates to evaluating eligibility or screening individuals for national security or occupancy of a sensitive position. The DoD CAF relies on many databases when evaluating eligibility or screening individuals for national security or occupancy of a sensitive position. The CAF also adjudicates special populations requiring addition vetting. In addition to databases, the CAF also used independent medical evaluations to vet and screen personnel as warranted. | Basic |
Production | This Defense CUI type addresses manufacturing, construction, and assembly data and information including know-how, techniques, and processes required to produce or substantially upgrade defense materiel, armaments, and munitions. It includes information related to the engineering processes or techniques resulting in the sets of instructions for transforming natural substances into useful materials (metals, plastics, combustibles, etc.) or fabricating materials into aerodynamic, mechanical, electronic, hydraulic, or pneumatic systems, subsystems and components. Drawings, process sheets, wiring diagrams, procedural instructions, test protocols, testing results, and other supporting documentation. | Basic | |
Tactics, Techniques, Procedures, and Tactical Doctrine | This Defense CUI type contains the information related to tactics, techniques, and tactical doctrine necessary to the organization, training, and employment of military, paramilitary, or irregular forces from a general basis to include rules of engagement, interrogation methods, etc. It includes only non-specific technical data, training techniques, and tactical procedures necessary to operate and maintain individual and organizational items of military materials, armaments, vehicles, and munitions. Operational specific methodologies, sequencing of events, and strategy information contained in unclassified training manuals and most joint publications and subject to export control. | Basic |
Official DoD CUI Registry (you must have a DOD issued CAC to access)
https://intelshare.intelink.gov/sites/ousdi/hcis/sec/icdirect/information/CUI/Forms/AllItems.aspx