2002.4 - Definitions

Question 1

Any “executive agency”, the USPS, and any other independent entity within the executive branch that designates or handles CUI.

Answer 1

Agency

Question 2

An Agency is any “(a)_________ ______”, the (b)____, and any other (c)___________ ______ within the executive branch that designates or handles CUI.

Answer 2

(a) “executive agency”

(b) USPS

(c) independent entity

Question 3

Policies the agency enacts to implement the CUI Program within the agency, in accordance with the EO 13556, 32 CFR Part 2002, and the CUI Registry and approved by the CUI EA.

Answer 3

Agency CUI policies

Question 4

Any vehicle that sets out specific CUI handling requirements for contractors and other information-sharing partners when the arrangement with the other party involves CUI.

Answer 4

Agreements and arrangements

Question 5

An individual, agency, organization, or group of users that is permitted to designate or handle CUI IAW 32 CFR Part 2002.

Answer 5

Authorized holder

Question 6

Any area or space that an authorized holder deems to have adequate physical or procedural controls to protect CUI from unauthorized access or disclosure.

Answer 6

Controlled envrionment

Question 7

A general term that indicates the safeguarding and disseminating requirements associated with CUI Basic and CUI Specified.

Answer 7

Control level

Question 8

This is information the Government creates or possesses, or that an entity creates or possesses for or on behalf of the Government, that a law, regulation, or policy requires or permits an agency to handle using safeguarding or dissemination controls.

Answer 8

Controlled Unclassified Information (CUI)

Question 9

Controlled Unclassified Information (CUI) is information the (a)__________ _______ __ _________, or that an (b)______ _______ __ _________ ___ __ __ ______ __ __ __________ that a law, regulation, or policy requires or permits an agency to handle using safeguarding or dissemination controls.

Answer 9

(a) Government creates or possesses

(b) entity creates or possesses for or on behalf of the Government

Question 10

Controlled Unclassified Information (CUI) is information the Government creates or possesses, or that an entity creates or possesses for or on behalf of the Government, that ____, __________, or ________ _______ __ ______ an agency to handle using safeguarding or dissemination controls.

Answer 10

Laws, regulations, or policies require or permit

Question 11

CUI includes classified information? T/F

Answer 11

False

Question 12

CUI excludes information a non-executive branch entity possesses and maintains in its own systems that did not come from, or was not created or possessed by or for, an executive branch agency or an entity acting for an agency? T/F

Answer 12

True

Question 13

Requiring or permitting agencies to control or protect the information but providing no specific controls makes the information ___ _____?

Answer 13

CUI Basic

Question 14

CUI Basic requires or permits agencies to control or protect information, providing __ ________ controls.

Answer 14

No specific

Question 15

Requiring or permitting agencies to control or protect the information and providing specific controls for doing so makes the information ___ __________.

Answer 15

CUI Specified

Question 16

CUI Specified requires or permits agencies to control or protect information and provides ________ ________ for doing so.

Answer 16

Specific controls

Question 17

Requiring or permitting agencies to control the information and specifying only some of those controls, which makes the information (a)___ __________, but with (b)___ _____ controls where the authority does not specify.

Answer 17

(a) CUI Specified

(b) CUI Basic

Question 18

________ are safeguarding or dissemination controls that a law, regulation, or policy requires or permits agencies to use when handling CUI.

Answer 18

Controls

Question 19

CUI Basic is the subset of CUI for which the authorizing law, regulation, or policy ____ ___ ___ ________ __________ __ _____________ ________.

Answer 19

Does not set out specific handling or dissemination controls

Question 20

Agencies handle CUI Basic according to the uniform set of controls set forth in (a)__ __ ____ and the (b)___ ________.

Answer 20

(a) 32 CFR Part 2002

(b) CUI Registry

Question 21

CUI Basic controls apply whenever ___ __________ ones do not cover the involved CUI.

Answer 21

CUI Specified

Question 22

___ __________ are those types of information for which laws, regulations, or policies require or permit agencies to exercise safeguarding or dissemination controls, and which the CUI EA has approved and listed in the CUI Registry.

Answer 22

CUI categories

Question 23

CUI categories are those types of information for which laws, regulations, or policies require or permit agencies to exercise safeguarding or dissemination controls, and which the (a)___ __ has approved and listed in the (b)___ ________.

Answer 23

(a) CUI EA

(b) CUI Registry

Question 24

The markings approved by the CUI EA for the categories and subcategories listed in the CUI Registry.

Answer 24

CUI category or subcategory markings

Question 25

___ _________ _____ (__) is the National Archives and Records Administration (NARA), which implements the executive branch-wide CUI Program and oversees Federal agency actions to comply with the EO 13356.

Answer 25

CUI Executive Agent (EA)

Question 26

________ ________ ___ _______ ______________ (____) is the CUI Executive Agent (EA) which implements the executive branch-wide CUI Program and oversees Federal agency actions to comply with the EO 13556.

Answer 26

National Archives and Records Administration (NARA)

Question 27

NARA has delegated CUI authority to the ________ __ ___ ___________ ________ _________ _______ (ISOO).

Answer 27

Director of the Information Security Oversight Office (ISOO)

Question 28

___ _______ is the executive branch-wide program to standardize CUI handling by all Federal agencies.

Answer 28

CUI Program

Question 29

___ _______ _______ is an agency official, designated by the agency head or CUI Senior Agency Official (SAO), to serve as the official representative to the CUI EA on the agency’s day-to-day CUI Program operations, both within the agency and in interagency contexts

Answer 29

CUI Program manager

Question 30

___ ________ is the online repository for all information, guidance, policy, and requirements on handling CUI, including everything issued by the CUI EA other than this part.

Answer 30

CUI Registry

Question 31

The CUI Registry identifies all approved CUI __________ ___ _____________, provides general descriptions for each, identifies the basis for controls, establishes markings, and includes guidance on handling procedures.

Answer 31

Categories and subcategories

Question 32

___ ______ ______ ________ (___) is a senior official designated in writing by an agency head and responsible to that agency head for implementation of the CUI Program within that agency. The ___ ______ ______ ________ (___) is the primary point of contact for official correspondence, accountability reporting, and other matters of record between the agency and the CUI EA.

Answer 32

CUI senior agency official (SAO)

Question 33

___ _________ is the subset of CUI in which the authorizing law, regulation, or Government-wide policy contains specific handling controls that it requires or permits agencies to use that differ from those for CUI Basic.

Answer 33

CUI Specified

Question 34

The CUI Registry indicates which ____, ___________, and ________ include such specific requirements.

Answer 34

Laws, regulations, and policies

Question 35

CUI Specified controls may be more (a)_________ than, or may simply (b)______ from, those required by CUI Basic; the distinction is that the underlying authority spells out specific controls for CUI Specified information and does not for CUI Basic information

Answer 35

(a) stringent

(b) differ

Question 36

_____________ occurs when an authorized holder, consistent with 32 CFR Part 2002 and the CUI Registry, removes safeguarding or dissemination controls from CUI that no longer requires such controls. _________ may occur automatically or through agency action.

Answer 36

(a) Decontrolling

(b) Decontrol

Question 37

___________ ___ occurs when an authorized holder, consistent with 32 CFR Part 2002 and the CUI Registry, determines that a specific item of information falls into a CUI category or subcategory.

Answer 37

Designating CUI

Question 38

The authorized holder who designates the CUI must ____ __________ _____ __ __ _____________ CUI status in accordance with 32 CFR Part 2002.

Answer 38

Make recipients aware of the information’s CUI status

Question 39

___________ ______ is the executive branch agency that designates or approves the designation of a specific item of information as CUI.

Answer 39

Designating agency

Question 40

_____________ occurs when authorized holders provide access, transmit, or transfer CUI to other authorized holders through any means, whether internal or external to an agency.

Answer 40

Disseminating

Question 41

Any tangible thing which constitutes or contains information, and means the original and any copies (whether different from the originals because of notes made on such copies or otherwise) of all writings of every kind and description over which an agency has authority is a ________.

Answer 41

Document

Question 42

Documents are any tangible thing which constitutes or contains information? T/F

Answer 42

True

Question 43

_______ ___________ ______ is an information system used or operated by an agency or by a contractor of an agency or other organization on behalf of an agency.

Answer 43

Federal information system

Question 44

Federal information systems exclude contractor or other organization information systems? T/F

Answer 44

False

Question 45

_______ _______ is a foreign government, an international organization of governments or any element thereof, an international or foreign public or judicial body, or an international or foreign private or non-governmental organization.

Answer 45

Foreign entity

Question 46

________ __________ ____ (___) is a type of information classified under the Atomic Energy Act, and defined in 10 CFR Part 1045, Nuclear Classification and Declassification.

Answer 46

Formerly Restricted Data (FRD)

Question 47

Handling is ___ ___ __ ___, including but not limited to marking, safeguarding, transporting, disseminating, re-using, and disposing of the information.

Answer 47

Any use of CUI

Question 48

______ __________ _______ is any activity, mission, function, operation, or endeavor that the U.S. Government authorizes or recognizes as within the scope of its legal authorities or the legal authorities of non-executive branch entities (such as state and local law enforcement).

Answer 48

Lawful Government purpose

Question 49

______ ________ is unclassified information that an agency marked as restricted from access or dissemination in some way, or otherwise controlled, prior to the CUI Program.

Answer 49

Legacy material

Question 50

_______ _____________ ______ is any CUI EA-approved control that agencies may use to limit or specify CUI dissemination.

Answer 50

Limited dissemination control

Question 51

______ __ ___ occurs when someone uses CUI in a manner not in accordance with the policy contained in EO13556, this part, the CUI Registry, agency CUI policy, or the applicable laws, regulations, and Government-wide policies that govern the affected information.

Answer 51

Misuse of CUI

Question 52

Misuse of CUI may include (a)___________ __________ or _____________ ______ in safeguarding or disseminating CUI.

Answer 52

(a) Intentional violations

(b) Unintentional errors

Question 53

Misuse of CUI may also include designating or marking information as CUI when __ ____ ___ _______ __ ___.

Answer 53

It does not qualify as CUI.

Question 54

________ ________ _______ is a special type of information system (including telecommunications systems) whose function, operation, or use is defined in National Security Directive 42 and 44 U.S.C. 3542(b)(2).

Answer 54

National Security System

Question 55

_____________ ______ ______ is a person or organization established, operated, and controlled by individual(s) acting outside the scope of any official capacity of the executive branch of the Federal Government.

Answer 55

Non-executive branch entity

Question 56

Non-executive branch entity includes foreign entities as defined in 32 CFR Part 2002? T/F

Answer 56

False

Question 57

Non-executive branch entity includes individuals or organizations when they receive CUI information pursuant to federal disclosure laws, including the Freedom of Information Act (FOIA) and the Privacy Act of 1974? T/F

Answer 57

False

Question 58

__ ______ __ __ ______ occurs when a non-executive branch entity uses or operates an information system or maintains or collects information for the purpose of processing, storing, or transmitting Federal information, and those activities are not incidental to providing a service or product to the Government.

Answer 58

On behalf of an agency

Question 59

_____ is Executive Order 13556, Controlled Unclassified Information, November 4, 2010 (3 CFR, 2011 Comp., p. 267), or any successor order.

Answer 59

Order

Question 60

The founding EO for the CUI Program is __ _____.

Answer 60

EO 13556

Question 61

_______ is ordinarily a section within a document, and may include subjects, titles, graphics, tables, charts, bullet statements, sub-paragraphs, bullets points, or other sections.

Answer 61

Portion

Question 62

__________ includes all controls an agency applies or must apply when handling information that qualifies as CUI.

Answer 62

Protection

Question 63

______ _______ occurs when the agency that originally designated particular information as CUI makes that information available to the public through the agency’s official ______ _______ processes

Answer 63

Public release

Question 64

Disseminating CUI to non-executive branch entities as authorized does not constitute public release? T/F

Answer 64

True

Question 65

Even though an agency may disclose some CUI to a member of the public pursuant to the Privact Act if 1974 or a FOIA request, the Government must still control that CUI unless the agency publicly releases it through its official public release processes? T/F

Answer 65

True

Question 66

_______ include Presidential papers or such items created or maintained by a Government contractor, licensee, certificate holder, or grantee that are subject to the sponsoring agency’s control under the terms of the entity’s agreement with the agency.

Answer 66

Records

Question 67

If a law, regulation, or policy (a)________ that agencies exercise safeguarding or dissemination controls over certain information, or specifically (b)_______ agencies the discretion to do so, then that information qualifies as CUI.

Answer 67

(a) requires

(b) permits

Question 68

__________ ____ (__) is a type of information classified under the Atomic Energy Act, defined in 10 CFR Part 1045, Nuclear Classification and Declassification.

Answer 68

Restricted Data (RD)

Question 69

______ means incorporating, restating, or paraphrasing information from its originally designated form into a newly created document.

Answer 69

Re-use

Question 70

________________ is an agency’s internally managed review and evaluation of its activities to implement the CUI Program.

Answer 70

Self-inspection

Question 71

________________ is an agency’s internally managed review and evaluation of its activities to implement the CUI Program.

Answer 71

Self-inspection

Question 72

Unauthorized disclosure occurs when an authorized holder of CUI _____________ __ _______________ _______ CUI without a lawful Government purpose, in violation of restrictions imposed by safeguarding or dissemination controls, or contrary to limited dissemination controls

Answer 72

Intentionally or unintentionally discloses

Question 73

____________ ____________ ___________ is information that neither the EO 13556 nor the authorities governing classified information cover as protected.

Answer 73

Uncontrolled unclassified information

Question 74

_______ ______ are documents or materials, regardless of form, that an agency or user expects to revise prior to creating a finished product.

Answer 74

Working papers