Controlled Unclassified Information is the largest category of sensitive government data — covering export-controlled technical data, law enforcement sensitive information, and privacy-protected records — that federal agencies and their contractors must protect under NIST SP 800-171 and forthcoming 32 CFR Part 2002 regulations. Zero Trust data controls — classification-aware access policies, encrypted-at-rest and in-transit enforcement, and per-user audit logging — directly address CUI protection requirements and are now explicitly referenced in CMMC 2.0 as the preferred implementation approach.
CUI