Draft rule would help agencies storing some types of unclassified data

National Archives (NARA/Flickr)

Share

Written by

The National Archives posted a draft rule that, when finalized, would help federal agencies establish programs to safeguard certain types of sensitive, but unclassified, data.

Posted last week in the Federal Register, the draft rule concerns controlled unclassified information, or CUI, a term that encompasses a range of data, from agriculture to copyrights to law enforcement. The draft includes guidance on designating information as CUI, establishing necessary physical safeguards for CUI and managing CUI dissemination.

“After we get comments from this phase (deadline 7 July) we will make final revisions to the rule, coordinate those with agencies one final time and hopefully obtain OMB approval for the rule to be published as final,” National Archives and Records Administration’s Information Security Oversight Office Director John Fitzpatrick told FedScoop in an email Monday.

The National Archives may opt to conduct a second round of review for the agency rule as well, Fitzpatrick said. Public comments for this round are due July 7.

The draft rule comes after a second draft guidance ran in the Federal Register in April regarding how nonfederal entities, like contractors or universities, should secure CUI on their systems.

Before the president issued a 2010 executive order to make processes governing CUIs uniform, “more than 100 different markings for such information existed across the executive branch,” according to the posting. “This ad hoc, agency-specific approach created inefficiency and confusion, led to a patchwork system that failed to adequately safeguard information requiring protection, and unnecessarily restricted information-sharing.”

According to the Federation Of American Scientists’ blog Secrecy News, one of the most important aspects of the new CUI program is that it would make individual agencies adhere to a governmentwide standard for designating CUI. It also notes that the rule would not exempt CUI for disclosure under a Freedom of Information Act request. “However, a statutory restriction that justifies designating information as CUI would also likely make it exempt from release under FOIA,” it said.

-In this Story-

Agencies, big data, Cybersecurity, data analytics, National Archives and Records Administration (NARA), Tech
TwitterFacebookLinkedInRedditGoogle Gmail