There are a number of questions that small businesses frequently ask about cybersecurity compliance within their organization. It is important for the DoD small business community to better understand Controlled but Unclassified Information (CUI), DFARS 252.204-7012, and Cybersecurity Maturity Model Certification (CMMC).
What Exactly is Controlled but Unclassified Information (CUI)?
CUI must be clearly marked as CONTROLLED or CUI in accordance with Marking Controlled Unclassified Information. According to the Information Security Oversight Office, National Archives and Records Administration, “until directed by your agency’s guidance, executive . . .