Skip to main content

Controlled Unclassified Information (CUI)

Purpose of the CUI Program

Federal agencies routinely generate, use, store, and share information that, while not classified, still requires some level of protection from unauthorized access and release. Protection may be required for privacy, critical infrastructure, law enforcement, contractual protections, or other reasons.

Historically, each agency developed its own practices for sensitive information, resulting in a patchwork of processes across federal agencies. Similar information might be labeled differently, or different types of information might have the same markings with different meanings depending on each organization’s usage. The CUI Program is a unified effort between Executive Branch agencies to standardize these protections and practices across departments and agencies.

Federally Mandated for Better Protections and Easier Sharing

Established by Executive Order 13556 and implemented by 32 CFR part 2002, the CUI Program is now being implemented across Executive Branch agencies and departments. Sharing CUI is authorized for any Lawful Government Purpose, which is any activity, mission, function, or operation that the U.S. Government recognizes as within the scope of its legal authorities. The CUI Program will enable timely and consistent information sharing while better protecting sensitive information not only throughout TVA and the Federal government, but also with our non-Federal partners.

Implementation Timeline

  • Implementation of the CUI Program at TVA will begin by 12/31/21. Once begun, we’ll start using CUI markings and processes across TVA.
  • Awareness training will be required for all employees and contractors. Specialized training/briefings will be provided for those who create and manage CUI on a regular basis.
  • New contracts will contain clauses to include CUI terminology and practices.
  • Full transition to CUI by all Executive Branch agencies is anticipated by 12/31/21.

In the meantime, TVA will continue following current policies and procedures used for handling PII, critical infrastructure, legal, and other sensitive information. There will be a crossover time of using old and new processes as we begin converting to CUI markings and procedures.


For questions or additional information, please contact the CUI Program Manager at [email protected].