31
electronic, magnetic, microfilm, photographic, or other means, as well as telephonic or
visual reproductions or oral statements, conversations, or events, and including, but not
limited to: correspondence, email, notes, reports, papers, files, manuals, books,
pamphlets, periodicals, letters, memoranda, notations, messages, telegrams, cables,
facsimiles, records, studies, working papers, accounting papers, contracts, licenses,
certificates, grants, agreements, computer disks, computer tapes, telephone logs,
computer mail, computer printouts, worksheets, sent or received communications of any
kind, teletype messages, agreements, diary entries, calendars and journals, printouts,
drafts, tables, compilations, tabulations, recommendations, accounts, work papers,
summaries, address books, other records and recordings or transcriptions of
conferences, meetings, visits, interviews, discussions, or telephone conversations,
charts, graphs, indexes, tapes, minutes, contracts, leases, invoices, records of purchase
or sale correspondence, electronic or other transcription of taping of personal
conversations or conferences, and any written, printed, typed, punched, taped, filmed, or
graphic matter however produced or reproduced. Document also includes the file, folder,
exhibits, and containers, the labels on them, and any metadata associated with each
original or copy. Document also includes voice records, film, tapes, video tapes, email,
personal computer files, electronic matter, and other data compilations from which
information can be obtained, including materials used in data processing.
● Federal information system is an information system that a Federal agency uses or
operates, or that a contractor or other non-executive branch entity operates on behalf of
an agency. An information system operated on behalf of an agency provides data
processing services to the agency that the Government might otherwise perform itself but
has decided to outsource. This includes systems operated exclusively for Government
use and systems operated for multiple users (multiple Federal agencies or Government
and private sector users) such as email services, cloud services, etc. A GSA information
system is an example of a federal information system.
● Foreign entity is a foreign Government, international or foreign public or judicial body,
international or foreign private organization (including contractors and vendors), foreign
individual (including contractors and vendors), or an element of such an organization that
is established, operated, and controlled by individual(s) acting outside the scope of any
official capacity as officers, employees, or agents of the executive branch of the Federal
Government.
● Full Operational Capability (FOC) is attained when all organizations scheduled to receive
a system have received it and have the ability to employ and maintain it. For the CUI
Program, FOC occurs when policy, training, physical requirements, and IT Systems are
all in place and align with the CUI Program. An agency can achieve FOC ahead of other
agencies.
● Handling is any use of CUI, including but not limited to marking, safeguarding,
transporting, disseminating, reusing, and disposing of the information.
● Initial Operational Capability (IOC) is attained when an agency has their CUI policy in
place, has verified physical safeguarding requirements, and has initiated (or completed)
training of its workforce. Some of the older protection practices might still be in place. An
agency IOC may be different than an IOC for the entire Executive branch.