Sensitive but unclassified category simplified

The Bush administration has released new standards for how agencies should label sensitive but unclassified (SBU) information to simplify the more than 100 different markings or handling instructions that officials now attach to that data.

The number of categorizations for SBU data has worried lawmakers and government auditors who say that the agency-specific different labels and instructions were confusing and impeded sharing terrorism-related data. Advocates of open government advocates have expressed concern about how labeling unclassified data affects accessibility.

The new “Controlled Unclassified Information” (CUI) framework replaces the sensitive but unclassified (SBU) categorization and establishes three CUI categories, Under those categories, agencies that are part of the federal information sharing environment or the information sharing council should label unclassified data that is considered sensitive.

The framework sets out the three categories for the data.


  • Controlled with standard dissemination. This is information that requires standard safeguarding measures, dissemination is allowed to extent it is believed to further a lawful or official purpose.



  • Controlled with specified dissemination. This is information that requires safeguarding to reduce the risks of inadvertent disclosure and for when allowed contains additional dissemination instructions.



  • Controlled enhanced with specified dissemination. This information requires more stringent safeguards because unauthorized disclosure could produce significant harm and for when allowed contains additional dissemination instructions.



President Bush issued a memo in 2005 that called for the standardization of SBU data across the government and the Office of the Director of National Intelligence’s Program Manager for the Information Sharing Environment has been working to standardize SBU data.

On May 9, Bush issued a memo that said any additional markings can be prescribed only by the National Archives and Records Administration (NARA) , which will be the “executive agent” in charge of implementing the framework. The memorandum also stated that the new standards would not affect Freedom of Information Act requests and that CUI standard was not meant to classify or declassify any new or additional terrorism- related information.

Patrice McDermott, director of OpenTheGovernment.org, said that the standard was a welcome first step, but that the real test will be how the new standards are implemented.

“I think the devil is going to be in the details and how this is implemented by NARA,” she said.

About the Author

Ben Bain is a reporter for Federal Computer Week.

Featured

  • FCW PERSPECTIVES
    sensor network (agsandrew/Shutterstock.com)

    Are agencies really ready for EIS?

    The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

  • People
    Dave Powner, GAO

    Dave Powner audits the state of federal IT

    The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

  • FCW Illustration.  Original Images: Shutterstock, Airbnb

    Should federal contracting be more like Airbnb?

    Steve Kelman believes a lighter touch and a bit more trust could transform today's compliance culture.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.