Publications
Alert

President Obama Signs Executive Order Regarding Standardizing Requirements for “Controlled Unclassified Information”

Maritime and Chemical Industry Developments Advisory

This is a joint Maritime and Chemical Industry Developments Advisory Alert.

New Development
On November 4, 2010, President Obama signed Executive Order 13556 to standardize the way the Executive Branch handles information that requires protection, but is not classified. The Order states that such information, described as Controlled Unclassified Information or “CUI”, will now be regulated by an “open and uniform program” that “emphasizes the openness and uniformity of Government-wide practice.” The Executive Order further directs that the “CUI categories and subcategories shall serve as exclusive designations for identifying unclassified information throughout the Executive Branch that requires safeguarding or dissemination controls, pursuant to and consistent with applicable law, regulations, and Government-wide policies.”

Background
The Intelligence Reform and Terrorism Prevention Act (“IRTPA”), signed into law on December 14, 2004, requires the President to issue “guidelines for acquiring, accessing, sharing and using information, including guidelines to ensure that information is provided in its most shareable form.” On December 16, 2005, President Bush issued five guidelines in accordance with IRTPA. Guideline 3 called for the Secretary of Homeland Security and the Attorney General to submit recommendations to the President for the standardization of Sensitive But Unclassified (“SBU”) information procedures. On May 7, 2008, President Bush signed a Presidential Memorandum for the heads of executive departments and agencies titled Designation and Sharing of Controlled Unclassified Information. The Bush Memorandum specifically exempted Sensitive Security Information (“SSI”), Protected Critical Infrastructure Information (“PCII”), Chemical-Terrorism Vulnerability Information (“CVI”), and Safeguards Information (“SGI) by stating that the framework was to be used for these categories to “the maximum extent possible, but shall not affect or interfere with specific agency regulatory requirements for marking, safeguarding, and disseminating.” Executive Order 13556 rescinds the May 2008 Memorandum signed by President Bush, except for information that is classified under Executive Order 13526 of December 29, 2009 (Classified National Security Information) or the Atomic Energy Act.
 
Executive Order 13556

Currently, there are more than 100 different policies and markings for SBU information across the Executive Branch. As a result, there is no common definition and no common protocols describing under what circumstances a document should be marked, under what circumstances a document should no longer be considered SBU, and what procedures should be followed for properly safeguarding or disseminating SBU information. Executive Order 13556 was intended to simplify this ad hoc, agency-specific approach, thereby removing “inefficiency and confusion” which resulted in “a patchwork system that fails to adequately safeguard information requiring protection, and unnecessarily restricts information sharing by creating needless impediments.”

Executive Order 13556 designates the National Archives and Records Administration (“NARA”) as Executive Agent for CUI. In this role, NARA has the authority and responsibility to oversee and manage the implementation of the CUI Program.

The Executive Order establishes a relatively narrow timeframe for implementation. Within 180 days from the date of the Executive Order, each agency head must submit a catalogue of proposed categories and subcategories of CUI. Within the same 180 day time period, NARA, in consultation with the affected agencies, must issue initial directives for the implementation of the Executive Order. Then, within 180 days from the issuance of the initial directives by the Executive Agent, each agency that handles CUI must provide the Executive Agent with a proposed plan for compliance with the requirements of the Executive Order, including the establishment of interim target dates. Within one year from the date of the Executive Order, the Executive Agent must establish and maintain a public CUI registry reflecting the authorized CUI categories and subcategories, associated markings, and applicable safeguarding, dissemination, and decontrol procedures.
 
Recommendations and Conclusions

Executive Order 13556 could potentially have a significant impact on entities regulated under the Maritime Transportation Security Act of 2002 (“MTSA”) and Chemical Facility Anti-Terrorism Standards (“CFATS”), as well as those companies that voluntarily participate in the program established under the Critical Infrastructure Information Act. For example, such entities may eventually deal with a singular category or subcategory of CUI instead of SSI, CVI, or even PCII. However, such uniformity may be difficult to achieve, because some categories of sensitive information are based on statute, or have existing regulatory schemes that already establish marking, safeguarding, and dissemination procedures for SSI, CVI, and PCII, for example.

Companies subject to MTSA and CFATS should closely monitor implementation of this Executive Order to ascertain what impacts, if any, it may have on compliance efforts. Blank Rome will be able to assist you with an understanding of the practical and legal implications.
 
Notice: The purpose of this Maritime Developments Advisory is to identify select developments that may be of interest to readers. The information contained herein is abridged and ­summarized from various sources, the accuracy and completeness of which cannot be assured. The Advisory should not be construed as legal advice or opinion, and is not a substitute for the advice of counsel. Additional information on Blank Rome may be found on our website, www.blankrome.com.