Controlled Unclassified Information handling
Controlled Unclassified Information handling in Trade and Geopolitical Risk is under active pressure from two directions: the U.S. Department of Defense's CMMC 2.0 framework tightening contractor obligations around CUI protection, and the U.S. Department of Commerce Bureau of Industry and Security expanding its scrutiny of how export-controlled technical data flows through cross-border supply chains. Compliance teams in this sector are currently auditing third-party data-sharing agreements and access controls against NIST SP 800-171 requirements before enforcement timelines firm up.
Watch
- CMMC 2.0 phased rollout: which contract vehicles trigger Level 2 CUI obligations
- BIS enforcement actions targeting unauthorized CUI transfers in dual-use export contexts
- NIST SP 800-171 Rev. 3 delta: new controls that alter existing system security plan baselines
- Foreign ownership disclosure requirements intersecting CUI access under CFIUS conditions
Recent material activity in Trade & Geopolitical Risk
-
OFAC designates 14 entities linked to Russian defense procurement network
The Treasury Department's Office of Foreign Assets Control added 14 entities and 6 individuals to the Specially Designated Nationals list for their roles in procuring critical technology components for Russia's defense i…
Read a full sample brief → -
BIS adds 22 Chinese semiconductor entities to Entity List for advanced chip diversion
The Bureau of Industry and Security expanded export controls targeting Chinese semiconductor entities found to be diverting advanced computing chips through third-country intermediaries. New license requirements affect i…
Read a full sample brief →