Practitioner workshop on Controlled Unclassified Information identification, banner marking, portion marking, dissemination controls, and decontrol procedures. Aligned to NARA CUI Registry categories and 32 CFR Part 2002 requirements. Critical training for any organization receiving federal data.
Controlled Unclassified Information is one of the most misunderstood obligations facing federal contractors today. Agencies share CUI with contractors every day — in contracts, technical drawings, export-controlled research, and law enforcement records — yet the rules for handling, marking, and ultimately decontrolling that information remain inconsistently applied across the defense industrial base. This four-hour practitioner workshop closes that gap by working directly from the authoritative sources: the NARA CUI Registry and 32 CFR Part 2002, the federal rule that governs the CUI program government-wide.
The session opens with a structured walkthrough of how to use the NARA CUI Registry to determine whether information qualifies as CUI, which category and subcategory applies, and what handling obligations attach to that category. Participants will practice mapping realistic contractor scenarios — statements of work, technical data packages, personally identifiable information received from a government system — to the correct Registry entry. The difference between CUI Basic and CUI Specified is examined in detail, including how Specified categories impose handling requirements beyond the baseline.
Correct document marking is the most visible and most frequently cited deficiency in contractor CUI programs. This block covers the construction of compliant banner marks, including the required CUI designation indicator, category markings, and Limited Dissemination Controls. Participants then work through portion marking — applying marks at the paragraph, section, and chart level — and learn when portion marking is required versus optional under 32 CFR Part 2002. Common marking errors, mixed-classification documents, and email marking conventions are addressed with annotated examples.
Not all CUI can move freely within an authorized environment. This segment covers the authorized Limited Dissemination Controls established in the CUI Registry, how to append them correctly to a banner mark, and the organizational decisions required before applying controls such as FEDCON, NOFORN, and similar designators. Participants will understand the legal basis for each control and how to avoid applying unauthorized or invented dissemination restrictions — a compliance risk that can invalidate a marking and expose the organization to spillage liability.
CUI does not remain controlled forever. This session concludes with a practical review of decontrol: when information loses its CUI status, who has authority to decontrol, how to document that decision, and what records the contractor should retain. Participants will also examine how to handle situations where the originating agency has not provided clear decontrol instructions.
This workshop is designed for the practitioners who handle, review, generate, or transmit federal data as part of their daily work. Contracts administrators and program managers who receive government-furnished information will learn to recognize CUI on arrival and apply correct markings before forwarding it internally. Information security and compliance officers responsible for a CUI program will gain the regulatory depth needed to write defensible policies and train their colleagues. Systems administrators and IT staff who configure repositories, email systems, and collaboration tools for CUI storage will understand the marking context their technical controls are designed to protect. If your organization holds a federal contract that involves any sharing of government data, someone on your team needs this training — and this session is where that capability gets built.
Organizations looking to build or mature a full CUI program beyond marking mechanics should explore Cleared Systems' CMMC, CUI & DFARS Compliance services or speak with an advisor through our Compliance Program Development service. For organizations managing broader federal risk obligations, our Federal & SLED Risk Assessments provide the program-level view that puts CUI marking in its full regulatory context.
Ask about group rates, private delivery of this curriculum for your team, or whether this session fits your compliance roadmap.
Contact Us
