Sensitive but unclassified category simplified

The Bush administration has released new standards for how agencies should label sensitive but unclassified (SBU) information to simplify the more than 100 different markings or handling instructions that officials now attach to that data.

The number of categorizations for SBU data has worried lawmakers and government auditors who say that the agency-specific different labels and instructions were confusing and impeded sharing terrorism-related data. Advocates of open government advocates have expressed concern about how labeling unclassified data affects accessibility.

The new “Controlled Unclassified Information” (CUI) framework replaces the sensitive but unclassified (SBU) categorization and establishes three CUI categories, Under those categories, agencies that are part of the federal information sharing environment or the information sharing council should label unclassified data that is considered sensitive.

The framework sets out the three categories for the data.

  • Controlled with standard dissemination. This is information that requires standard safeguarding measures, dissemination is allowed to extent it is believed to further a lawful or official purpose.

  • Controlled with specified dissemination. This is information that requires safeguarding to reduce the risks of inadvertent disclosure and for when allowed contains additional dissemination instructions.

  • Controlled enhanced with specified dissemination. This information requires more stringent safeguards because unauthorized disclosure could produce significant harm and for when allowed contains additional dissemination instructions.

President Bush issued a memo in 2005 that called for the standardization of SBU data across the government and the Office of the Director of National Intelligence’s Program Manager for the Information Sharing Environment has been working to standardize SBU data.

On May 9, Bush issued a memo that said any additional markings can be prescribed only by the National Archives and Records Administration (NARA) , which will be the “executive agent” in charge of implementing the framework. The memorandum also stated that the new standards would not affect Freedom of Information Act requests and that CUI standard was not meant to classify or declassify any new or additional terrorism- related information.

Patrice McDermott, director of, said that the standard was a welcome first step, but that the real test will be how the new standards are implemented.

“I think the devil is going to be in the details and how this is implemented by NARA,” she said.

About the Author

Ben Bain is a reporter for Federal Computer Week.


  • IT Modernization
    shutterstock image By enzozo; photo ID: 319763930

    OMB provides key guidance for TMF proposals amid surge in submissions

    Deputy Federal CIO Maria Roat details what makes for a winning Technology Modernization Fund proposal as agencies continue to submit major IT projects for potential funding.

  • gears and money (zaozaa19/

    Worries from a Democrat about the Biden administration and federal procurement

    Steve Kelman is concerned that the push for more spending with small disadvantaged businesses will detract from the goal of getting the best deal for agencies and taxpayers.

Stay Connected