Receiving Controlled Unclassified Information (CUI)

Immediate Actions:

  1. Determine if the Email is Authorized
    • Verify if the sender was authorized to send CUI via email.
    • Ensure the email was sent to appropriate recipients with a need-to-know.
  2. Check for Proper Markings
    • Ensure the email and attachments are correctly marked with CUI designations (e.g., “CUI” in subject line, banner markings).
    • If markings are missing or incorrect, contact the sender for clarification.
  3. Assess Email Security
    • If the email is unencrypted and contains CUI, report the incident as it may be a violation.
    • CUI should be transmitted only through approved encrypted channels (e.g., DoD Safe, secure email gateways).

Reporting & Remediation:

  1. Report a Potential Incident
    • Notify your organization’s Security Office, IT Security Team, or CUI Program Manager immediately.
  2. Do Not Forward or Reply with CUI
    • Do not forward the email unless explicitly authorized.
    • If a response is necessary, ensure encryption is enabled before replying.
  3. Secure the Information
    • Move the email to a secure, approved location (OneDrive or Secure Data Enclave SDE).
    • Delete unauthorized copies or request proper sanitization if needed.

Copyright 2023.  All rights Reserved.