CUI Directive: Destroy Paper to 1mmx5mm Particle Size

3:48 pm Heidi White

CUI Directive: Destroy Paper to 1mmx5mm Particle Size

The new ISOO CUI directive, which affects all Executive branch agencies, has clear requirements for information end-of-life, mandating that all CUI information be destroyed to NIST 800-88 specifications. The specification for paper is a 1mmx5mm final particle size, which is the same particle size as required by the NSA for classified and top secret information. All of SEM’s high security shredders meet this mandate.

All unclassified information throughout the Executive branch that requires any safeguarding or dissemination control is characterized as Controlled Unclassified Information (CUI) and includes nearly all government agencies. Further, unclassified data such as For Official Use Only (FOUO), Sensitive But Unclassified (SBU), Personally Identifiable Information (PII), as well as information relating to critical infrastructure, defense, export control, financial, immigration, intelligence, international agreements, law enforcement, legal, natural and cultural resources, NATO, nuclear, patent, privacy, procurement and acquisition, proprietary business information, provisional, statistical, tax, and transportation all fall under this requirement.

Executive Order 13556 “Controlled Unclassified Information” (the Order) establishes a program for managing CUI across the executive branch and designates the National Archives and Records Administration (NARA) as Executive Agent to implement the Order and oversee agency actions to ensure compliance. The Archivist of the United States delegated these responsibilities to the Information Security Oversight Office (ISOO).

32 CFR Part 2002 “Controlled Unclassified Information” was issued by ISOO to establish policy for agencies on designating, safeguarding, disseminating, marking, decontrolling, and disposing of CUI, self-inspection and oversight requirements, and other facets of the program. The rule affects federal executive branch agencies that handle CUI and all organizations that handle, possess, use, share, or receive CUI — or which operate, use, or have access to federal information and information systems on behalf of an agency. Agencies therefore may not implement safeguarding or dissemination controls for any unclassified information other than those controls consistent with the CUI Program. Prior to the CUI Program, agencies often employed ad hoc, agency-specific policies, procedures, and markings to handle this information. This patchwork approach caused agencies to mark and handle information inconsistently.

The ISOO CUI directive, which affects all Executive branch agencies, has very clear requirements for information end-of-life, mandating that all CUI information be destroyed to NIST 800-88 specifications. For paper, the NIST 800-88 destruction specification is a 1mmx5mm final particle size, which is the same particle size as required by the NSA for classified and top secret information. Therefore, all CUI paper MUST be destroyed using a high security shredder that produces a final particle size of 1mmx5mm or less, such as those listed on the NSA/CSS 02-01 EPL for classified paper destruction. All of SEM’s high security shredders meet this mandate.

Explore More

Comply with the CUI Mandate

Be sure to shred all CUI to a 1mmx5mm particle size, which is the same particle required by the NSA for classified destruction. SEM has a comprehensive line of paper shredders to meet the CUI mandate.

  • EMP1000-HS Degausser, 0101 Crusher & iWitness
    Combine the EMP1000-HS NSA Listed Degausser with the Model 0101 NSA Listed Crusher and the iWitness end-of-life documentation tool for a Deguass, Destroy and Document Bundle to completely eliminate high security data from magnetic media in accordance with NSA...
    View Product