What is Covered Defense Information (CDI)?
Covered Defense Information (CDI) is a broad category that encompasses a wide range of information related to national defense. It can include (for example), classified and unclassified data and information controlled for other reasons, such as export control regulations.Â
Some examples of CDI include:
- Technical data and software related to the design, development, production, and use of defense systems, such as weapons systems, military vehicles, and other equipment.
- Information about military operations and plans, including details about troop movements, battle plans, and other sensitive information.
- Intelligence information, such as information gathered by the intelligence community, and information shared between different government agencies.
- Information about critical infrastructure and key resources, such as power plants, water supply systems, and other key assets important to national defense.
CDI protection is governed by several laws and regulations, including the National Industrial Security Program (NISP), and is implemented by the National Industrial Security Program Operating Manual (NISPOM). The NISPOM provides detailed guidance on the handling, storage, and dissemination of CDI, including rules for classification, marking, and safeguarding information, as well as procedures for handling and reporting incidents of unauthorized disclosure.
In addition to the NISPOM, other regulations and laws govern the protection of CDI, such as the FISMA (Federal Information Security Modernization Act) and the Cybersecurity Information Sharing Act (CISA). These laws help to ensure that organizations that handle CDI have appropriate controls in place to protect it from unauthorized access, use, and disclosure.
Another critical aspect of protecting CDI is the use of security clearances. To access CDI, individuals must have the appropriate level of security clearance, which the applicable government agency grants after a thorough background check. This process is designed to ensure that only individuals who have a “need to know” and are trustworthy are granted access to the information.
Protecting CDI is a continuous process that requires collaboration between the government and industry. The government sets the standards and regulations for the protection of CDI, while the industry is responsible for implementing these controls and ensuring they are effective.
In short, CDI is a term used by the United States government to refer to information related to national defense and protected from unauthorized disclosure.
It encompasses a wide range of information related to national defense and is protected by security clearance procedures, physical and cyber security measures, and regulations and laws. It is the responsibility of both government and industry to ensure that CDI is protected and only accessible to those who have a need to know.
The importance of Safer Internet Day has not changed
Compliance Standards and Regulations