General Lab Information

Classified Information

Classified national security information is information created or received by an agency of the federal government or a government contractor that would damage national security if improperly released.

The President of the United States manages the system of classifying information by executive order (E.O.); the most recent order concerning classified national security information is E.O. 13526, signed by President Obama on December 29, 2009.

What is Classified Information?

At Brookhaven Lab and other DOE National Labs, Classified Assets are divided into two categories; Collateral and National Security Information (NSI).

Collateral – Information that falls outside of the scope of NSI (i.e. federally regulated statute) but remains classified per DOE Orders and appropriate classification guides, must be protected against unauthorized dissemination. This information pertains to (but is not limited to), information classified under the Atomic Energy Act, Restricted Data (RD), Formerly Restricted Data (FRD), and Transclassifed Foreign Nuclear Information (TFNI).

National Security Information (NSI) – Information that has been determined pursuant to E.O. 13526 and is governed by federal regulations, to require protection against unauthorized disclosure. This information pertains to (but is not limited to), military plans, foreign government information, intelligence activities, scientific and technology matters relating to national security, and United States Government programs for safeguarding nuclear materials or facilities.

How is information determined to be Classified?

Information can only be classified if an official determination is made that unauthorized release would damage national security. Levels of classification correspond to levels of potential damage. Information whose release would cause “exceptionally grave damage to national security” is classified TOP SECRET; information whose release would cause “serious damage” is classified SECRET; CONFIDENTIAL is the lowest category of classified information currently in use. RESTRICTED DATA (RD) marking is used to denote collateral information.

Are all Classified Assets in writing?

Classified information may take any form. Though paper documents are most common, there are classified photographs, maps, motion pictures, videotapes, databases, microfilms, hard drives, CDs, people, etc. Regardless of medium, classified assets require protection until they have been formally declassified.

How could a researcher receive Classified Assets?

A cleared researcher may receive classified assets from the federal government or a federal government prime contractor when conducting contract work for the federal government or when conducting work at a government or federal government prime contractor facility. Appropriate clearance (from the federal government) is required to handle classified assets.

Controlled Unclassified Information (CUI)

What is Controlled Unclassified Information (CUI)?

CUI is sensitive information that requires safeguarding or dissemination controls pursuant to and consistent with applicable law, regulations, and government-wide policies but is not classified under Executive Order 13526 or DOE Orders and classification guides

Examples include (but are not limited to) health documents, proprietary material, export-controlled information, or any other information that the government may mark as "for official use only" or "confidential".

What are the federal regulations for CUI?

Executive Order 13556 “Controlled Unclassified Information” (the Order) establishes a program for managing CUI across the Executive branch and designates the National Archives and Records Administration (NARA) as Executive Agent to implement the Order and oversee agency actions to ensure compliance. The Archivist of the United States delegated these responsibilities to the Information Security Oversight Office (ISOO).

32 CFR Part 2002 "Controlled Unclassified Information" was issued by ISOO to establish policy for agencies on designating, safeguarding, disseminating, marking, decontrolling, and disposing of CUI, self-inspection and oversight requirements, and other facets of the Program. The rule affects Federal executive branch agencies that handle CUI and all organizations (sources) that handle, possess, use, share, or receive CUI—or which operate, use, or have access to Federal information and information systems on behalf of an agency.

How could a researcher receive CUI?

A researcher may receive CUI from the federal government or a federal government prime contractor when conducting CONTRACT work for the federal government.

The Department of Defense has enacted specific guidelines for the protection of CUI. Other federal agencies are expected to follow the Department of Defense in adopting federal acquisition clauses specific to the protection of CUI.

Department of Defense (DoD)

Covered Defense Information (CDI) is a term defined in DFARS Clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting as unclassified controlled technical information, or other information, as described in the CUI registry that requires safeguarding or dissemination controls.

What is required to comply with DFARS Clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting?

The clause requires that the researcher and BNL meet specific National Institute of Standards and Technology (NIST) standards (NIST 800-171 Rev 1) to safeguard CDI/CUI.

For more information on classified assets contact Michael DePhillips at
For more information on CUI, contact Ian Ballantyne at