The Intelligence and National Security Alliance (INSA) has issued a new report that outlines the areas of concern when it comes to implementing the Controlled Unclassified Information (CUI) and lists eight recommendations to improve and achieve the CUI program’s goals.
INSA said Monday the report found that CUI requirements, adoption and implementation rules differ across agencies and that CUI rules do not clearly address ownership of proprietary information and do not effectively safeguard legacy CUI data.
The paper also uncovered issues with the program’s central management process to address inconsistent requirements and implementation across government.
“At the same time, onerous and inconsistent requirements burden government contractors with the need to establish multiple information management and security practices – all while imposing consequences for failing to adhere to unclear guidance or to protect information whose status can change without warning,” the report’s conclusion reads.
Some of the report’s recommendations are simplifying the CUI program; clarifying the impact of CUI designation on proprietary information; assessing the effectiveness of CUI controls amid current cyber threats; codifying how CUI implementation costs will be calculated for industry bidding and compensation; and revising CUI rules to clarify handling of legacy-marked materials.