What will I learn from "CUI Handling Rules for Everyday Employees"?

Store CUI only in approved, access-controlled systems and physical spaces. Ask the three sharing questions before any send: need, eligibility, channel. Destroy paper and media in a way an auditor will believe. Run a kitchen-table office that's still safe for CUI. Travel with CUI through hotels, lounges, ride shares, and customs. Report a suspected exposure inside the 24-hour window.

Who is "CUI Handling Rules for Everyday Employees" for?

Engineers, analysts, and coordinators handling CUI daily. HR specialists and accounts payable clerks with privacy CUI. Remote and hybrid employees working outside the office. Anyone who travels with a CUI-cleared laptop.

What are the key takeaways from "CUI Handling Rules for Everyday Employees"?

Encrypt at rest and in transit, every time. Report suspected exposure inside 24 hours — even if unsure. Never forward CUI to a personal account, ever.

Guide · Practical

CUI Handling Rules for Everyday Employees

Storage, sharing, destruction, travel, remote work — the daily playbook.

All guides

About this guide

10 min read28 pages · wallet card

Most CUI incidents are not espionage. They're a USB stick in a hotel, a forwarded email, an unlocked screen, a memo left on a printer tray. The basics are where almost every incident actually starts.

This guide is written for the people who touch CUI on the keyboard every single day — engineers, analysts, coordinators, HR, accounts payable, and the floor supervisors who walk past the printer twenty times an hour.

“Convenience is the most expensive feature you can add to a CUI workflow.”

What you'll learn

✓Store CUI only in approved, access-controlled systems and physical spaces.
✓Ask the three sharing questions before any send: need, eligibility, channel.
✓Destroy paper and media in a way an auditor will believe.
✓Run a kitchen-table office that's still safe for CUI.
✓Travel with CUI through hotels, lounges, ride shares, and customs.
✓Report a suspected exposure inside the 24-hour window.

Inside this guide

01
Chapter 1 — Storage
Approved tenants, role-based access, locked cabinets, sealed bins.
02
Chapter 2 — Sharing
The three-question check that prevents most leaks.
03
Chapter 3 — Destruction
Cross-cut shredders, media sanitization, and a clean destruction ledger.
04
Chapter 4 — Remote work
VPN, headphones, locked doors, blocked family members on screen-share.
05
Chapter 5 — Travel
Hotel Wi-Fi, privacy screens, checked-luggage rules, customs plans.
06
Chapter 6 — Incident reporting
The number to call and the 24-hour window every employee should memorize.
07
Appendix — Wallet card
Twelve-bullet playbook to keep beside your badge.

Who it's for

•Engineers, analysts, and coordinators handling CUI daily.
•HR specialists and accounts payable clerks with privacy CUI.
•Remote and hybrid employees working outside the office.
•Anyone who travels with a CUI-cleared laptop.

Key takeaways

→Encrypt at rest and in transit, every time.
→Report suspected exposure inside 24 hours — even if unsure.
→Never forward CUI to a personal account, ever.

Parabl says: most CUI incidents are not espionage — they're a USB stick in a hotel and a forwarded email. The basics matter most.

Handling rules describe how CUI moves through your day. Storage, transmission, sharing, printing, destruction, travel, and remote work each have their own purple line — cross it and the incident report writes itself.

Storage

CUI rests in approved, access-controlled systems and locked physical spaces.

Cloud storage in FedRAMP/IL-aligned tenants
On-prem drives with role-based access and audit logging
Physical: locked cabinets, restricted rooms, sealed bins

Sharing

Ask three questions before sending: does the recipient need to know, are they eligible, is the channel cleared for CUI?

Destruction

Cross-cut shredders for paper. Approved sanitization for media. Document the destruction — auditors love a clean ledger.

Remote work scenarios

VPN on every connection. Headphones on every call. Family blocked out of screen-share. Door locked during working sessions.

Travel scenarios

Hotel Wi-Fi only behind VPN. Privacy screens in lounges. Never leave CUI in checked luggage. Expect customs inspection — have a plan.

Incident reporting

Report suspected exposure within 24 hours, even if unsure. Better to over-report than under-report. Know the number before you need it.

Do

✓ Encrypt CUI at rest and in transit, every time.
✓ Verify the recipient list — twice — before sending.
✓ Use secure release printing; pick up prints immediately.
✓ Report suspected exposure within 24 hours.

Don't

✗ Email CUI to a personal address 'so I can work tonight.'
✗ Plug into random USB ports for a 'quick charge.'
✗ Toss CUI in the regular trash or recycling.
✗ Share a parent folder when you meant to share one file.

Take it further

Convert to training module Animated Parabl instructor version Talk to an expert

This guide is managed and controlled. Our team reviews each request and sends the guide via email.