Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

this is made up information.

cmmc is not in effect, v1.02 is like 2 months old, and v2 is rumored to come out in a month or two.

nist 800-171, which is where the majority of cmmc comes from, didnt even require formal external attestation until like 6 months ago when dfars 252.204-7019 required posting in SPRS to continue doing business with the DoD.

ive never seen, nor heard of, anything actually marked as CUI.



I've recently seen documents marked CUI. And yes, I went with the most recent information. However, there are many possible markings, https://www.archives.gov/cui/registry/category-marking-list.

You might have seen documents marked 'Controlled' in the past.

800-171 has been required since 2017.

Edited to add link to DoD CUI Training https://www.dodcui.mil/Portals/109/Documents/Training%20Docs...


> ive never seen, nor heard of, anything actually marked as CUI.

That’s because CUI is a recent label. Per DoDI 5200.48, effective March 6, 2020, CUI is is replacing legacy labels such as For Official Use Only (FOUO), Sensitive But Unclassified (SBU), and Law Enforcement Sensitive (LES). [0]

[0] https://www.dodcui.mil/


> ive never seen, nor heard of, anything actually marked as CUI.

It's been around for more than 10 years. See CFR 2018 Title 32 Vol 6 Part 2002 (https://www.govinfo.gov/content/pkg/CFR-2018-title32-vol6/pd...) if you want details. DoD implementation ramped up about a year ago.


CUI is replacing FOUO. It is not made up. https://en.wikipedia.org/wiki/Controlled_Unclassified_Inform...

I actually received documents marked CUI last week.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: