32 CFR § 2002.54 - Misuse of Cui.

---
identifier: "/us/cfr/t32/s2002.54"
source: "ecfr"
legal_status: "authoritative_unofficial"
title: "32 CFR § 2002.54 - Misuse of CUI."
title_number: 32
title_name: "National Defense"
section_number: "2002.54"
section_name: "Misuse of CUI."
chapter_name: "INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION"
part_number: "2002"
part_name: "CONTROLLED UNCLASSIFIED INFORMATION (CUI)"
positive_law: false
currency: "2026-03-24"
last_updated: "2026-03-24"
format_version: "1.1.0"
generator: "[email protected]"
authority: "E.O. 13556, 75 FR 68675, 3 CFR, 2010 Comp., pp. 267-270."
regulatory_source: "81 FR 63336, Sept. 14, 2016, unless otherwise noted."
cfr_part: "2002"
---


# 2002.54 Misuse of CUI.

(a) The CUI SAO must establish agency processes and criteria for reporting and investigating misuse of CUI.

(b) The CUI EA reports findings on any incident involving misuse of CUI to the offending agency's CUI SAO or CUI Program manager for action, as appropriate.