CUI documents must be reviewed according to an agency’s prepublication and security review procedures before they are shared, released outside the organization, or published in any form.

Direct answer

For U.S. federal and DoD environments, Controlled Unclassified Information (CUI) must go through a formal prepublication review and security policy review, following the organization’s CUI implementation policies and the federal CUI Program requirements, before external release or public dissemination.

What “reviewed according to which procedures” means

When guidance, training, or exam questions ask:

“CUI documents must be reviewed according to which procedures before being released?”

they are referring to:

  • The organization’s prepublication review procedures (to ensure no classified or other protected information is embedded).
  • The applicable security policy review procedures (to confirm CUI is correctly identified, marked, and handled).

In many DoD/USG training materials, the expected phrase is along the lines of:

  • “Prepublication review and security policy review procedures”
  • Conducted by the CUI originator or an authorized CUI holder before approval for release.

Key steps typically involved

While details vary by agency, the review normally checks that:

  1. Information is correctly categorized as CUI
    • Compare the content against the official CUI Registry and agency supplements to confirm it qualifies as CUI and identify its category (privacy, legal, budget, etc.).
  1. All required CUI markings are applied
    • “CUI” on the top and bottom of each page for unclassified CUI documents.
 * Any required limited dissemination controls (like NOFORN, REL TO) are correctly indicated.

 * Designation indicator (who determined it is CUI, office, and types of CUI) is present when required.
  1. No classified or improperly releasable information is included
    • Prepublication/security reviewers verify the document does not inadvertently contain classified information or other restricted data not authorized for release.
  1. Transmission and handling instructions are correct
    • Ensure any transmittal emails, cover letters, or enclosures clearly indicate that CUI is attached and how it must be protected in transit and when separated from a cover document.

Example in plain language

Imagine you are preparing a report with personnel data and budget figures that qualify as CUI. Before you email it outside your agency or post it on a portal, you must:

  • Have an authorized reviewer check it for any classified or more sensitive information.
  • Confirm it is properly identified as CUI, with “CUI” in the banner lines and correct markings.
  • Complete the prepublication and security policy review steps spelled out in your agency’s CUI procedures.

Only after passing that review can the document be approved for external release.

Meta description: Learn which procedures CUI documents must be reviewed under before release, including prepublication review, security policy checks, and CUI marking requirements under the federal CUI Program.

Information gathered from public forums or data available on the internet and portrayed here.