Training & Education
Training & Education
When to Use an SF 901 Coversheet vs. When to Use a CUI Stamp
by Josh Manuel
on Apr 16 2026
When should you use an SF 901 Coversheet instead of a CUI Stamp? If you need to protect or identify printed CUI without changing the document, an SF 901 Coversheet is often the better choice. If you need direct banner markings on the document itself, a CUI Stamp is the right fit. This article breaks down the difference, explains common use cases, and helps contractors choose the best option for handling printed Controlled Unclassified Information.
Training & Education
by Josh Manuel
on Jan 28 2026
How do you properly mark Controlled Unclassified Information? This guide explains how to identify, label, and protect CUI across documents, computers, digital media, manufacturing areas, and controlled workspaces. It covers core CUI marking requirements, best practices by media type, common audit-failure mistakes, and a simple step-by-step framework for building a consistent CUI marking program aligned with NIST SP 800-171, DFARS 252.204-7012, and CMMC.
Training & Education
CUI 101: What Controlled Unclassified Information Really Is (and Why It Matters)
by Josh Manuel
on Jan 21 2026
If you work with the Department of Defense (DoD) or support the Defense Industrial Base (DIB), you’ve almost certainly heard the term CUI—but it’s also one of the most misunderstood concepts in compliance. Understanding Controlled Unclassified Information (CUI) is foundational to DFARS, NIST SP 800-171, and CMMC compliance.
This guide breaks it down clearly and practically.
Training & Education
FAQ: Is ITAR and EAR Information also CUI on DoD Contracts?
by Josh Manuel
on Dec 19 2025
Does ITAR or EAR-controlled technical data count as CUI under a DoD contract? In many cases, yes. When export-controlled technical data or technology is provided by the government or generated during DoD contract performance, it may qualify as CUI and require proper marking, access controls, and physical safeguarding. This guide explains how ITAR, EAR, DFARS 252.204-7012, and CUI requirements intersect, what manufacturers need to protect, and how to reduce compliance risk in engineering, production, quality, and visitor-access areas.
Training & Education
FAQ: Is ITAR and EAR also CUI?
by Josh Manuel
on Dec 19 2025
A common misconception is that ITAR or EAR compliance is separate from CUI or CMMC. Export-controlled information that is used, generated, or required for performance of a DoD contract qualifies as CUI. This FAQ answer offers authoritative, cited guidance from key regulations (32 CFR Part 2002, DoD Instructions 5200.48 and 5230.24, NARA CUI Registry) to ensure proper identification, marking, and facility-based protections of this highly regulated technical information.
For DoD contractors, export-controlled technical data and technology under ITAR and EAR qualify as Controlled Unclassified Information (CUI) in the Export Control (EXPT) category when provided by or generated during DoD contract performance, requiring proper CUI marking (e.g., DoD marking guidance) on all documents, files, and media to prevent unauthorized disclosure.
This same information demands robust safeguarding through designated CUI Zones—controlled physical and digital areas (such as engineering offices, manufacturing floors, quality/test labs, and visitor access points) equipped with signage, labeling, access controls, and visual/perceptual barriers to protect against inadvertent exposure to unauthorized persons, including foreign nationals restricted under ITAR/EAR. These marking and zoning requirements are integral to DFARS 252.204-7012 and CMMC compliance, combining ITAR/EAR access restrictions with CUI safeguarding obligations; failing to treat them as unified can lead to compliance gaps and contract risks.
On U.S. Department of Defense (DoD) contracts, technical data and technology controlled under the International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR) qualify as Controlled Unclassified Information (CUI) when they are used, generated, or handled in support of contract performance.
This is because DoD policy explicitly requires that export-controlled information be protected as CUI to prevent unauthorized disclosure, including disclosure to unauthorized foreign persons. When implementing DFARS 252.204-7012 and preparing for CMMC certification you must implement DoD policy
Training & Education
CMMC Mythbusters- CMMC 2.0/ DFARS Training & Education Series
by Hunter Edens
on Oct 30 2025
CMMC Mythbusters is BACK December 2025!
The popular CMMC 2.0/ DFARS training and education series CMMC Mythbusters returns December 15th- 19th, 2025! Once a six-part series, we have now condensed down to three parts, jam-packed with the latest updates and info you need to know to be compliant.
Join us live for the highly anticipated return of CMMC Mythbusters, led by the Chairman of the CMMC Industry Standards Council (CISC) and Chief Transformation Officer of DTC Global, Regan Edens.
Sign up for each part via the links below:
Part 1: "What Exactly Is CUI (Controlled Unclassified Information)?"
Part 2: "Commercial-Off-the-Shelf (COTS) vs CUI?"
Part 3: "Identifying & Properly Marking CUI"
This complimentary series is brought to by CUI Supply, DTC Global, and the University of Texas- Arlington.
