What is a best practice for protecting Controlled Unclassified Information (CUI)?

Storing Controlled Unclassified Information (CUI) in a locked desk drawer after working hours is a best practice because it provides a physical layer of security. This action helps to protect sensitive information from unauthorized access, theft, or accidental exposure. By securing CUI in a locked space when it is not in use, you reduce the risk of individuals who are not authorized to view the information from accessing it.

Keeping CUI on your desktop for quick access may seem convenient, but it exposes the information to a range of risks such as unauthorized viewing if others can access your workspace or if your computer is left unattended. Sharing sensitive information openly among colleagues, while promoting transparency, contradicts the need for confidentiality that CUI requires, and it can lead to unintentional dissemination of sensitive information. Storing such information in a public cloud poses significant security risks, as these platforms may not have the necessary safeguards in place to protect sensitive data from unauthorized access or breaches. Thus, securely storing CUI is essential to maintaining its confidentiality and integrity.