Controlled Unclassified Information: 3 Ways to Secure It and Which is Best

By Carl Herberger • January 27, 2022

For the past several years, contractors with the Department of Defense (DoD) have had to meet a custodial requirement in contracts as it relates to security. Soon, this will likely be required outside the defense industrial base (DIB) and apply to all federal contractors.

 

If you’re like many contractors, you’re wondering how best to safeguard Controlled Unclassified Information (CUI). While there are many ways to meet the rules and regulations, not all of them are feasible or efficient and many of them are expensive.

 

The key is to limit the scope of your CUI protections. That can be difficult because CUI isn’t always neatly organized in one place. Often it sits in many departments like legal, contracts, accounting, sales, professional services, and engineering. CUI can be on employees’ computers, in their email accounts, on their mobile devices, and on shared network folders.

 

Contractors tend to take one of three strategies to corral CUI and limit disrupting their larger business:

 

  1. Limit by contract or product: You serve the government with specific business segments, so you define your environment based on products and services.
  2. Limit by geography: A global enterprise only does business with the government through U.S. entities, so it might define limits by geography so the rest of its global sites are undisturbed.
  3. Limit by technology: Limiting by contract or geography ignore the shared technology resources used across the entire company. An enclave achieves compliance by segmenting CUI from other systems.

 

An enclave solution, or isolating the CUI within an organization, is a scalable, efficient, and cost-effective approach to the custodial responsibility of security. The National Institute of Standards and Technology (NIST) endorsed this approach with Special Publication 800-171:

 

“Security domains may employ physical separation, logical separation, or a combination of both. This approach can provide adequate security for the CUI and avoid increasing the organization’s security posture to a level beyond that which it requires for protecting its missions, operations, and assets.”

 

While an enclave may require a duplicate system for business processes like email or security tools, creating a large compliance system that spans across a whole product segment or even an entire enterprise and goes far beyond just the CUI is significantly more expensive and time consuming.

 

CyberSheath is helping clients take the best step forward with its new Federal Enclave, which simplifies adherence to difficult cybersecurity business requirements. Register for CyberSheath’s webinar to learn more about the value of enclaves and how Federal Enclave can help.

Federal Enclave Webinar

CyberSheath Blog

2022 in Review: The CyberSheath Story Expands

This year marked a deluge of messaging about the Cybersecurity Maturity Model Certification (CMMC) and federal contractors were rightfully confused. With our keystone event, CMMC CON, we aimed to set the record straight and offer the best guidance for those in the Defense Industrial Base (DIB).   CMMC CON 2022…

CyberSheath Endorsed by Frost & Sullivan in First Independent Analyst Commentary on CMMC

Independent analyst firms have weighed in with commentary on nearly every discipline of information technology. Security has garnered a large portion of that IT discussion, yet until recently, Cybersecurity Maturity Model Certification (CMMC) compliance has been left out.   Frost & Sullivan changed that by selecting CyberSheath as its preferred…

Be Prepared: CMMC 2.0 Is Coming

Cybersecurity is increasingly important to safeguard your company, your customers, and your partners. We're moving into a global cyber era and we've got to get better at protecting ourselves.   Our adversaries are capitalizing on the lack of security controls in place in the defense industrial base (DIB) and we…

Our Trusted Partners

Tenable Microsoft Siemplify KnowBe4 ConnectWise DUO