Inspector General Finds CUI Practices Lacking at DoD

Security Clearance CUI controlled unclassified information

DoD’s implementation of Controlled Unclassified Information (CUI) procedures is haphazard, inconsistent, and ineffective, according to a recently released Inspector General report.

The 93-page critique fulfills an audit request by the Senate Armed Services Committee, which raised concerns that the CUI program was being used to blunt transparency and oversight. The IG indirectly substantiated those concerns. However, it blamed the problems on bureaucratic bungling instead of official malfeasance, pointing, among other things, to differing understandings between DoD and the National Archives and Records Administration (NARA) – which sets government-wide standards for CUI – on whether the legislative branch constitutes “federal government officials.

Negative Review for DoD Civilians and Contractors

Nonetheless, the audit paints a troubling picture of a Department where personnel are insufficiently trained, documents are improperly marked, and confusion reigns over what actually constitutes CUI. Random samplings of documents and emails taken from a wide range of DoD components showed an overwhelming majority of them to be out of compliance with official policy. Most failed to properly apply CUI headers, footers, and portion markings. Others relied on legacy “For Official Use Only” (FOUO) markings – ostensibly because existing templates and databases had not yet been updated some 13 years after the Executive Order establishing the program.

DoD contractors also came under the microscope, with a finding that no oversight currently exists to ensure contractor personnel are completing mandated CUI trainings.

Ultimately, the IG concluded that DoD was not meeting the intent of Executive Order 13556 for standardizing the way the Executive Branch handles CUI. It also found that the continued use of improper or inconsistent CUI markings can increase the risk of the unauthorized disclosure of CUI or unnecessarily restrict the dissemination of information and create obstacles to authorized information sharing.

IG Recommendations

Among the IG’s recommendations pertinent to end users like individual DoD civilian employees, members of the Armed Forces, and contractors were:

  1. Completion by all personnel of the Department’s CUI Training (already mandatory, but ineffectively communicated as such by the Office of the Undersecretary for Intelligence and Security) – available via the Defense Counterintelligence and Security Agency website here.
  2. Review of “Controlled Unclassified Information Markings,” an additional training guide that provides details for properly marking documents and e‑mails containing CUI, including examples for marking headers and footers, and portion markings, available here.

 

This article is intended as general information only and should not be construed as legal advice. Although the information is believed to be accurate as of the publication date, no guarantee or warranty is offered or implied. Laws and government policies are subject to change, and the information provided herein may not provide a complete or current analysis of the topic or other pertinent considerations. Consult an attorney regarding your specific situation. 

 

Related News

Sean M. Bigley retired from the practice of law in 2023, after a decade representing clients in the security clearance process. He was previously an investigator for the Defense Counterintelligence and Security Agency (then-U.S. Office of Personnel Management) and served from 2020-2024 as a presidentially-appointed member of the National Security Education Board. For security clearance assistance, readers may wish to consider Attorney John Berry, who is available to advise and represent clients in all phases of the security clearance process, including pre-application counseling, denials, revocations, and appeals. Mr. Berry can be found at https://www.berrylegal.com/.