Controlled Unclassified Information: 3 Ways to Secure It and Which is Best

By Carl Herberger • January 27, 2022

For the past several years, contractors with the Department of Defense (DoD) have had to meet a custodial requirement in contracts as it relates to security. Soon, this will likely be required outside the defense industrial base (DIB) and apply to all federal contractors.

 

If you’re like many contractors, you’re wondering how best to safeguard Controlled Unclassified Information (CUI). While there are many ways to meet the rules and regulations, not all of them are feasible or efficient and many of them are expensive.

 

The key is to limit the scope of your CUI protections. That can be difficult because CUI isn’t always neatly organized in one place. Often it sits in many departments like legal, contracts, accounting, sales, professional services, and engineering. CUI can be on employees’ computers, in their email accounts, on their mobile devices, and on shared network folders.

 

Contractors tend to take one of three strategies to corral CUI and limit disrupting their larger business:

 

  1. Limit by contract or product: You serve the government with specific business segments, so you define your environment based on products and services.
  2. Limit by geography: A global enterprise only does business with the government through U.S. entities, so it might define limits by geography so the rest of its global sites are undisturbed.
  3. Limit by technology: Limiting by contract or geography ignore the shared technology resources used across the entire company. An enclave achieves compliance by segmenting CUI from other systems.

 

An enclave solution, or isolating the CUI within an organization, is a scalable, efficient, and cost-effective approach to the custodial responsibility of security. The National Institute of Standards and Technology (NIST) endorsed this approach with Special Publication 800-171:

 

“Security domains may employ physical separation, logical separation, or a combination of both. This approach can provide adequate security for the CUI and avoid increasing the organization’s security posture to a level beyond that which it requires for protecting its missions, operations, and assets.”

 

While an enclave may require a duplicate system for business processes like email or security tools, creating a large compliance system that spans across a whole product segment or even an entire enterprise and goes far beyond just the CUI is significantly more expensive and time consuming.

 

CyberSheath is helping clients take the best step forward with its new Federal Enclave, which simplifies adherence to difficult cybersecurity business requirements. Register for CyberSheath’s webinar to learn more about the value of enclaves and how Federal Enclave can help.

Federal Enclave Webinar

CyberSheath Blog

CyberSheath Opens Registration For CMMC CON 2022

RESTON, Va. — June 8, 2022 — Federal contractors have been searching for direction after seeing a flood of messaging about the future of Cybersecurity Maturity Model Certification (CMMC). The nation’s largest CMMC conference has returned to help contractors navigate their course through the evolving compliance landscape.   Hosted by…

5 Reasons to Partner with CyberSheath

The threat landscape is only becoming more complex. Offload the responsibility of navigating cybersecurity issues for your customers by taking advantage of CyberSheath’s new Partner Program.   As a pioneer and industry leader in the managed security service provider space, our new offering helps you achieve rapid results and deliver…

CMMC Compliance Training: How to Earn Your Black Belt

Contractors in the Defense Industrial Base (DIB) are looking for direction as Cybersecurity Maturity Model Certification (CMMC) 2.0 nears. Compliance with CMMC and Defense Federal Acquisition Regulation Supplement (DFARS) is your key to doing business with the Department of Defense (DoD) and we can help you navigate those requirements and…

Our Trusted Partners

Tenable Microsoft Siemplify KnowBe4 ConnectWise DUO

CMMC CON 2022 is here! Save your spot to hear the latest on CMMC from our expert speakers across the government and Defense Industrial Base.