Does your organization handle CDI? These easy tips can help you understand what CDI is and how data is classified as CDI.
DFARS 7012(a) defines CDI as unclassified controlled technical information or other Controlled Unclassified Information (CUI) that requires safeguarding or dissemination controls. This means you have to understand both Unclassified Controlled Technical Information (UCTI) and CUI.
Controlled Unclassified Information, or CUI, isĀ defined by the National ArchivesĀ as āinformation that requires safeguarding or dissemination controls pursuant to and consistent with applicable law, regulations, and government-wide policies but is not classified under Executive Order 13526 or the Atomic Energy Act, as amended.ā See theĀ National Archives CUI RegistryĀ for more information about what is and is not CUI.
DFARS 7012(a) defines controlled technical information as technical information with military or space application that is subject to controls ā assuming that it isnāt already lawfully publicly available without restrictions. The DFARS 7012 clause also says controlled technical information meets the criteria for distribution statements B through F in DoD Instruction 5230.24.
DoD Instruction 5230.24Ā provides the policies and rulesĀ for marking and managing technical documentsĀ toĀ denote the extent to which they are available for secondary distribution, release, andĀ dissemination without additional approvals or authorizations. It also establishes a standard framework and markings for managing, sharing, safeguarding, andĀ disseminating technical documents in accordance with policy and law.
You might be creating it. TheĀ DFARS 7012 clause says CDI can be ācollected, developed, received, transmitted, used, or stored by or on behalf of the contractor in support of the performance of the contract.ā
The governmentās contracting officer has the responsibility for determining what data is and isnāt CDI.