STIGhubSTIGhub
STIGhub— A free STIG search and compliance tool·STIGs updated 8 hours ago
Powered by Pylon·Privacy·Terms·Feedback·© 2026 Beacon Cloud Solutions, Inc.
← Back to Traditional Security Checklist

V-245847

CAT II (Medium)

Controlled Unclassified Information - Transmission by either Physical or Electronic Means

Rule ID

SV-245847r1226295_rule

STIG

Traditional Security Checklist

Version

V2R9

CCIs

None

Discussion

Failure to handle/transmit CUI in an approved manner can result in the loss or compromise of sensitive information. REFERENCES: Executive Order 13556, Controlled Unclassified Information (CUI) The Information Security Oversight Office (ISOO): https://www.archives.gov/cui NIST FIPS 140-2, Security Requirements for Cryptographic Modules DODI 8520.2, "Public Key Infrastructure (PKI) and Public Key Enabling (PKE)" CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPUTER NETWORK DEFENSE (CND); Enclosure A, paragraphs 13.a., 13.b.(2)(3), and Enclosure C, paragraphs 22.d,, 25.a.,d.,e.,f., 26.j.(2), and 35.a. NIST Special Publication 800-53 (SP 800-53), Controls: AC-17, AC-20, IA-2, SC-8, SC-9, and SC-23. DOD Manual 5200.01, Volume 3, 24 February 2012, SUBJECT: DOD Information Security Program: Protection of Classified Information; Enclosure 7, paragraph 13. DODI 5200.48 Controlled Unclassified Information (CUI)

Check Content

1. CUI information and material may be transmitted via first class mail, parcel post, or, for bulk shipments, via fourth class mail. 

2. Electronic transmission of CUI information, e.g., email, shall be by approved secure communications systems or systems utilizing other protective measures such as Public Key Infrastructure (PKI) or transport layer security (e.g., https). 

3. Use of wireless telephones (cellphones, wireless hand-held phones, Bluetooth, etc.) should be avoided when other options are available. 

4. Transmission of CUI by facsimile machine (fax) is permitted; the sender is responsible for determining that appropriate protection will be available at the receiving location prior to transmission (e.g., machine attended by a person authorized to receive CUI; fax located in a controlled government environment).   

TACTICAL ENVIRONMENT: The check is applicable for fixed (established) tactical processing environments. Not applicable to a field/mobile environment.

Fix Text

1. CUI information and material may be transmitted via first class mail, parcel post, or, for bulk shipments, via fourth class mail. 

2. Electronic transmission of CUI information, e.g., email, shall be by approved secure communications systems or systems utilizing other protective measures such as Public Key Infrastructure (PKI) or transport layer security (e.g., https). 

3. Use of wireless telephones (cellphones, wireless hand-held phones, Bluetooth, etc.) should be avoided when other options are available. 

4. Transmission of CUI by facsimile machine (fax) is permitted; the sender is responsible for determining that appropriate protection will be available at the receiving location prior to transmission (e.g., machine attended by a person authorized to receive CUI; fax located in a controlled government environment).