Skip to content

Data Classification

Data Classification Process 
graph TD
    A([Define the purpose of data classification]) --> B([Define the scope of the data environment]);
    B --> C([Discover all in-scope data]);
    C --> D([Define sensitivity levels and classify the data]);
    D --> E([Develop data handling guidelines to deliver the appropriate level of security for each category of data])
    style A fill:#4051b5,color:#fff
    style B fill:#4051b5,color:#fff
    style C fill:#4051b5,color:#fff
    style D fill:#4051b5,color:#fff
    style E fill:#4051b5,color:#fff
Classification Examples

Category
Unclassified
Controlled Unclassified Information
Confidential
Secret
Top Secret
Color
Green
Purple
Blue
Red
Yellow
Definition
 Any data that is approved for public eye and access falls under this category. Government created or owned UNCLASSIFIED information that must be safeguarded from unauthorized disclosure Information in which the unauthorized disclosure could reasonably be expected to cause damage to the national security. Information in which the unauthorized disclosure could reasonably be expected to cause serious damage to the national security. Information in which the unauthorized disclosure could reasonably be expected to cause exceptionally grave damage to the national security.
Examples of Data
 Press releases, announcements, news, etc. Internal web pages, user guides, manuals, policies & procedures, inter-office memorandas, internal phone directories, etc. Foreign government informatants, personnel authentication information, isolated personnel reports Military plans, weapons systems, operations, foreign government information Intelligence activities, cryptology, foreign relations, scientific, technological or economic matters relating to national security; programs for safeguarding nuclear materials or facilities, vulnerabilities or capabilities of systems, installations, infrastructures, projects or plans, or protection services, production, or use of weapons of mass destruction

Category
Public [C1]
Internal Only [C2]
Confidential [C3]
Restricted [C4]
Color
Green
Blue
Yellow
Red
Definition
 Any data that is approved for public eye and access falls under this category. Any non-sensitive enterprise data that is meant to be used within the organization. This type of data is still sensitive and a specific team or employees of an organization are given access to it. Data that is highly sensitive in nature falls under this category. This data could cause legal consequences, reputational or financial damage, and loss of credibility upon its exposure
Examples of Data
 Vacany listings, brochures, press releases, marketing material, calendars, company news, newsletters, contracts, agreements, etc. Internal web pages, user guides, manuals, company policies, inter-office memorandas, internal phone directories, etc. Identity card number, address, bank information, biometric data, etc. Social Security numbers, medical and criminal records, credit card numbers, CVV, financial information, health data, employee records, etc.
Severity of Mishandling
 None Unauthorized disclosure would not significantly impact the company, or any of its stakeholders or employees. Unauthorized disclosure could result in significant adverse impact, embarrassment, or civil/criminal liability to the company, stakeholders, employees, or business partners. Unauthorized disclosure likely to result in significant adverse impact, embarrassment, or civil/criminal liability to the company, stakeholders, employees, or business partners.
Controls Summary
  • No restrictions on access
  • Copying of documents is unrestricted
  • May be left unsecured at any time
  • Disposal via normal paper waste
  • Access restricted to named individuals and groups
  • Copying of documents is unrestricted
  • May be left unsecured in trusted environments
  • Shred paper waste
  • Access restricted to named individuals and groups
  • Include appropriate notices regarding document or communication sensitivity
  • Copying of documents is unrestricted
  • Must be secured in locked cabinet or encrypted when not in use
  • Shred or burn paper waste
  • No transmission via fax (insecure methods)
  • Access restricted to named individuals and groups
  • Include appropriate notices regarding document or communication sensitivity
  • Copies can only be made by roles designated by senior management in applicable business unit or department
  • All copies are numbered and recorded when required by the applicable regulation
  • Must be secured in locked cabinet or encrypted when not in use
  • Shred or burn paper waste

CUI Categories

Please excuse the bad UX

Card grids wrap each grid item with a beautiful hover card that levitates on hover. However, they are experimental and for sponsors only. Once they release to general public, the section below will look beautiful.

Reference

  • Critical Infrastructure

    • Ammonium Nitrate
    • Chemical-terrorism Vulnerability Information
    • Critical Energy Infrastructure Information
    • Emergency Management
    • General Critical Infrastructure Information
    • Information Systems Vulnerability Information
    • Physical Security
    • Protected Critical Infrastructure Information
    • SAFETY Act Information
    • Toxic Substances
    • Water Assessments

  • Defense

    • Controlled Technical Information
    • DoD Critical Infrastructure Security Information
    • Naval Nuclear Propulsion Information
    • Unclassified Controlled Nuclear Information - Defense

  • Export Control

    • Export Controlled
    • Export Controlled Research

  • Financial

    • Bank Secrecy
    • Budget
    • Comptroller General
    • Consumer Complaint Information
    • Electronic Funds Transfer
    • Federal Housing Finance Non-Public Information
    • Financial Supervision Information
    • General Financial Information
    • International Financial Institutions
    • Mergers
    • Net Worth
    • Retirement

  • Immigration

    • Asylee
    • Battered Spouse or Child
    • Permanent Resident Status
    • Status Adjustment
    • Temporary Protected Status
    • Victims of Human Trafficking
    • Visas

  • Intelligence

    • Agriculture
    • Foreign Intelligence Surveillance Act
    • Foreign Intelligence Surveillance Act Business Records
    • General Intelligence
    • Geodetic Product Information
    • Intelligence Financial Refords
    • Internal Data
    • Operations Security

  • International Agreements

    • International Agreement Information

  • Law Enforcement

    • Accident Investigation
    • Campaign Funds
    • Committed Person
    • Communications
    • Controlled Substances
    • Criminal History Records Information
    • DNA
    • General Law Enforcement
    • Informant
    • Investigation
    • Juvenile
    • Law Enforcement Financial Records
    • National Security Letter
    • Pen Register/Trap & Trace
    • Reward
    • Sex Crime Victim
    • Terrorist Screening
    • Whistleblower Identity

  • Legal

    • Administrative Proceedings
    • Child Pornography
    • Child Victim/Witness
    • Collective Bargaining
    • Federal Grand Jury
    • Legal Privilege
    • Legislative Materials
    • Presentence Report
    • Prior Arrest
    • Protective Order
    • Victim
    • Witness Protection

  • Natural and Cultural Resources

    • Archaeological Resources
    • Historic Properties
    • National Park System Resources

  • North Atlantic Treaty Organization (NATO)

    • NATO Restricted
    • NATO Unclassified

  • Nuclear

    • General Nuclear
    • Nuclear Recommendation Material
    • Nuclear Security-Related Information
    • Safeguards Information
    • Unclassified Controlled Nuclear Information - Engery

  • Patent

    • Patent Applications
    • Inventions
    • Secrecy Orders

  • Privacy

    • Contract Use
    • Death Records
    • General Privacy
    • Genetic Information
    • Health Information
    • Inspector General Protected
    • Military Personnel Records
    • Personnel Records
    • Student Records

  • Procurement and Acquisition

    • General Procurement and Acquisition
    • Small Business Research and Technology
    • Source Selection

  • Proprietary Business Information

    • Entity Registration Information
    • General Proprietary Business Information
    • Ocean Common Carrier and Marine Terminal Operator Agreements
    • Ocean Common Carrier Service Contracts
    • Proprietary Manufacturer
    • Proprietary Postal

  • Provisional

    • Homeland Security Agreement Information
    • Homeland Security Enforcement Information
    • Information Systems Vulnerability Information - Homeland
    • International Agreement Information - Homeland
    • Operations Security Information
    • Peronnel Security Information
    • Physical Secrity - Homeland
    • Privacy Information
    • Sensitive Personally Identifiable Information

  • Statistical

    • Investment Survey
    • Pesticide Producer Survey
    • Statistical Information
    • US Census

  • Tax

    • Federal Taxpay Information
    • Tax Convention
    • Taxpayer Advocate Information
    • Written Determinations

  • Transportation

    • Railroad Safety Analysis Records
    • Sensitive Security Information
Classification Process Example 
graph TB
    A[Is the data intended for public disclosure?] --> |Yes| B>Public]
    A --> |No| C[Does it contain personal data?]
    C --> |Yes| D[Does it contain sensitive data, suspicion of illegal activities, criminal and administrative offences?]
    C --> |No| E[Does the disclosure of data cause negative impact to the company?]
    D --> |Yes| F>Restricted]
    D --> |No| G[Does the dislosure of data cause negative impact to company reputation?]
    E --> |Yes| H[Does the disclosure of data cause significant dame to company?]
    E --> |No| I>Internal Only]
    G --> |Yes| J>Confidential]
    G --> |No| I
    H --> |Yes| F
    H --> |No| J

    style A fill:#4051b5,color:#fff
    style B fill:green,color:#fff
    style C fill:#4051b5,color:#fff
    style D fill:#4051b5,color:#fff
    style E fill:#4051b5,color:#fff
    style F fill:red,color:#fff
    style G fill:#4051b5,color:#fff
    style H fill:#4051b5,color:#fff
    style I fill:blue,color:#fff
    style J fill:yellow,color:#000
  • Create the content of the header and footer you want.
  • Select everything in the header.
  • Click the Header button in the Header & Footer Tools ribbon, look at the bottom of the gallery, and click "Add selection to Header gallery".
  • Enter a name (and possibly other items) in the dialog that appears.
  • Select everything in the footer.
  • Click the Footer button and click "Add selection to Footer gallery".
  • Complete the dialog that appears.
  • When exiting Word, answer yes to the prompt about saving the Building Blocks.dotx template.

PowerPoint Labels

Click Here to download the PowerPoint.