Many of DOD's computer systems contain sensitive information that is unclassified but must be protected from public disclosure—known as Controlled Unclassified Information (CUI). CUI can be vulnerable to cyber attacks.
We analyzed DOD's data and found that while the DOD components have taken actions to implement cybersecurity requirements for CUI systems, none of the components were fully compliant. DOD requires 100% compliance.
DOD's Office of the Chief Information Officer recently issued guidance to the services reiterating the importance of implementing CUI requirements by March 2022.
Cybersecurity has been on our High Risk list since 1997.