Managing Controlled Unclassified Information Creates Challenges
Federal government agencies produce reams of documentation, not all of which is classified, but much of which is sensitive. For decades, agencies applied their own individual markings to categorize sensitive data. However, these notations conflict with other agency marking, which opens the possibility of infomration being withheld or potentially being released. These issues were pondered by the Wednesday morning panel at the AFCEA SOLUTIONS conference. Controlled unclassified information (CUI) is data that requires some protection. However, because of the conflicting agency rules for CUI, the government has recently issued an order to implement a CUI famework to stanardize the documentation across the government. The CUI work is being led by the U.S. National Archives. The archives were selected by the U.S. government because it is viewed as a neutral organization, explains Jay Bosanko, director of the National Archives' CUI Office. One reason for the archive's involvement is to avoid the perception that CUI is another level of security classification. He notes that the framework promotes information sharing while providing security for the documents. It is also good governance he maintains. Becuase of the lack of standardization, the government did not trust CUI documents from the agencies. Initial reform efforts under the Bush administration focused only on terrorism related materials, specifically with the goal of cross-agency information sharing. In May 2009, the Obama adminstration issued a memorandum calling for a review of CUI procedures. Boskano said that his organization is leading the CUI task force to develop recommendations. The ultimate goal is to create an overarching framework that standardized CUI infomation to promote the sharing of data. Kelly Brickley, Chief of the CUI Program Office with the Office of the Intelligence Community Chief Information Officer and Information Sharing Executive, noted that the rules for classifying CUI documents in the Department of Justice were completely different from those of the Department of Defense. Besides providing an information framework, the government must provide training to educate personnel and to change the culture regarding how infomation is categorized. John Diehl with the Defense Department's Office of the Chief Information Officer explained that the framework will provide a consistent set of guidelines to train personnel. Aside from training, the panelists noted that the goal of the framework will standardize how agencies mark their CUI documentation is marked. Boskano noted that the process will move away from an agency-based process to a government-wide effort.