What type of information does Controlled Unclassified Information (CUI) consist of?

Controlled Unclassified Information (CUI) consists of sensitive but unclassified information that requires protection for a variety of reasons, such as privacy or national security. The CUI framework was established to standardize how the federal government handles sensitive information that, while not classified, still necessitates safeguarding against unauthorized access or disclosure.

The designation of CUI applies to information that can include, but is not limited to, proprietary business information, personal data, and law enforcement data. This type of information does not meet the criteria for classification as Confidential, Secret, or Top Secret, but it still holds importance and is sensitive enough to warrant specific handling and dissemination controls to minimize risks.

In contrast, public information is available to anyone without restrictions. Highly classified data does not fall under CUI as it is explicitly classified information with a defined level of sensitivity. Privileged information generally relates to legal and attorney-client communications, which also does not align with the scope of CUI.