August 02, 2019

NIST 800-171 3.1.3

Gregory Morawietz

Gregory Morawietz
Founder/Single Point of Contact

Share This Post

Control the flow of CUI in accordance with approved authorizations

CUI is Controlled Unclassified Information. This is the data that needs to be protected. You need to protect how it arrives, who has access to it, who might have access to where it is stored, how it is stored, etc.  You need to protect this data and how it gets to your network as well as its ultimate destination.  How CUI arrives and who has authorization to access it is the basis of this control. You should create a workflow diagram and describe how CUI is delivered, through encrypted email, through a secure ftp site, through an encrypted drive, through an upload feature in your Saas based product and then describe who is authorized to access it. You also want to make sure that you are in control of this information at all times.  You don't want to allow non authorized individuals to be able download, view, or look at this data at any time.

Share This Post