Use OPSEC measures to protect CUI

FORT LEONARD WOOD, Mo. — Operations Security, or OPSEC, is our first line of defense against hostile intelligence-collection efforts, helping us achieve the Army’s objectives in deterring terrorist incidents.

The intent of OPSEC is to keep the enemy from knowing our critical information — or capabilities, activities, limitations and intentions — thereby, preventing adversaries from having a road map for future terrorist operations.

Controlled unclassified information, also called CUI, is part of the command’s critical information list, to be protected by all Fort Leonard Wood personnel.

CUI is government-created or government-owned information that requires safeguarding or dissemination controls, in accordance with applicable laws, regulations and government-wide policies. CUI is not classified information. CUI is an umbrella term that encompasses many different markings to identify information that is not classified but which should be protected. Some examples you may be familiar with include personally identifiable information, personal health information, controlled technical information, as well as financial and contract information.

Because there are fewer controls over CUI as compared to classified information, CUI is the path of least resistance for adversaries. Loss of aggregated CUI is one of the most significant risks to national security, directly affecting lethality of our warfighters.

Controlled unclassified information is handled, stored, transmitted and destroyed in a similar manner to the legacy For Official Use Only program:

  • CUI should be processed on government-furnished equipment, encrypted if sent via Non-classified Internet Protocol Router Network, also called a NIPRNet, and should only be accessible on a limited basis to those with a lawful purpose.
  • All CUI no longer needed or required for preservation under applicable records retention law, regulation or policy, must be destroyed by means approved for destroying classified information, or in a manner making it unreadable, indecipherable and irrecoverable.
  • After working hours, CUI can be stored in unlocked containers, desks or cabinets if the government building provides security for continuous monitoring of access.
  • If there is no building security, the information must be stored in locked containers, desks, file cabinets, bookcases, locked rooms or similarly secured areas.

Establishing CUI was an impactful moment in the Department of Defense Information Security program, formally acknowledging that certain types of unclassified information are extremely sensitive, valuable to the United States, sought after by strategic competitors and adversaries, and often have legal safeguarding requirements. Unlike with classified national security information, DOD personnel at all levels of responsibility and across all mission areas receive, handle, create and disseminate CUI. CUI allows us to create a better, more unified front of protection against those who wish to steal our information and harm our country.

For more information about the CUI program, contact your unit security manager, the OPSEC office at 573.563.2402, or visit the DOD’s CUI program website.