ISO Transitioning specialists for the newest standards

EO 13556
Main Phone: 703-586-3250
Business Development: 941-284-7101

Presidential Executive Order 13556 
Controlled Unclassified Information
(CUI, NIST 800-171, and ISO/IEC 27001:2013)
In November 2010, President Obama signed Executive Order 13556, Controlled Unclassified Information (CUI).

In December 2014, the National Institute of Standards and Technology published NIST 800-53A, which provides the guidance for implementing the appropriate methods for CUI. Table F is the complete listing of what is required.

In June 2015, NIST published NIST SP 800-171 as a guide to ensure complete coverage of CUI. Table D provides a cross-reference between the requirements of CUI, NIST 800-53A, and ISO/IEC 27001:2013.

Let us know which standard(s) you need assistance with:

ISO 9001

ISO/IEC 20000

ISO/IEC 27001
ISO/IEC 27017
ISO/IEC 27018

ISO 13485

ISO 14001

OHSAS 18001

ISO 37001

Q: How can I tell if CUI applies to me?

A: The Executive Order is applicable when the effort involves Controlled Unclassified Information (CUI). CUI is unclassified information that: 

1) Requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Government-wide policies, as described in the CUI Registry;

2) Is provided to the contractor or is collected, developed, used, or stored by the contractor, in support of the performance of the contract; and 

3) Is marked or otherwise identified in the contract, task order, or delivery order. The clause is required for use in all Government solicitations and contracts, and must be included in subcontracts that are for operationally critical support or that involve CUI.

National Archives CUI Registry 

Please look closely at Procurement and Acquisition, then at 48 CFR 3.104-4, then at 3.104–4 Disclosure, protection, and marking of contractor bid or proposal information and source selection information.

If this applies to your business in any way, then you must comply with the CUI Executive Order.

For instructions on how to mark any government documents you may have on your computers, see the CUI Marking Handbook.

Other publications:

NIST SP 800-53
NIST Special Publication 800-53A

NIST SP 800-171
NIST Special Publication 800-171

Use Table D to evaluate your gaps between CUI and ISO/IEC 27001:2013

DHS Cybersecurity Evaluation Tool

Time has run out! December 31, 2017 was it.
If you get ISO/IEC 27001:2013 and ISO/IEC 27006:2015 certified, then you are up to 85% compliant with CUI.