CUI feedback

[cchipman6]

1. CUICategoryCodeSimpleType, code CONREG: Please add “Entity Registration Information.” to the front of the definition.
2. CUICategoryCodeSimpleType: Please add new code “OPSEC” with definition: “Operations Security. Critical information determined to give evidence of the planning and execution of sensitive (frequently classified) government activities after going through a formal systematic vetting process in accordance with National Security Decision Directive Number 298. This process identifies unclassified information that must be protected. It almost always results from an agency’s official OPSEC program, or is otherwise commonly approved for use by the CUI Senior Agency Official.”
3. CUILimitedDisseminationControlCodeSimpleType, code DELIB: The code includes character string

[kstewart83]

In the REL TO documentation block it states:

Note: See list of approved country codes for use with REL TO here.

Is it intended that the here is linked to something? I'm not overly familiar with XSDs or NIEM, but it seems like that was intended to be some type of explicit connection.

[cchipman6]

In the REL TO documentation block it states: Note: See list of approved country codes for use with REL TO here.

Is it intended that the here is linked to something? I'm not overly familiar with XSDs or NIEM, but it seems like that was intended to be some type of explicit connection.

Thank you for the comment. This statement was inadvertently copied from the CUI website and should be deleted from the XSD.

[kstewart83]

Is there an intent to semantically bind the list of countries to something like ISO 3166 or something else within the NIEM model?

[cchipman6]

Is there an intent to semantically bind the list of countries to something like ISO 3166 or something else within the NIEM model? Yes, likely genc:CountryAlpha3CodeType.

[cdmgtri]

Code changes described above:

Operation	Type	Code	Definition
edit	cui:CUICategoryCodeSimpleType	CONREG	Entity Registration Information. Relating to non-public information collected during entity registration in the System for Award Management (SAM), the common source of vendor data for the United States Government.
add	cui:CUICategoryCodeSimpleType	OPSEC	Operations Security. Critical information determined to give evidence of the planning and execution of sensitive (frequently classified) government activities after going through a formal systematic vetting process in accordance with National Security Decision Directive Number 298. This process identifies unclassified information that must be protected. It almost always results from an agency’s official OPSEC program, or is otherwise commonly approved for use by the CUI Senior Agency Official.
edit	cui:CUILimitedDissemination-ControlCodeSimpleType	~&#10~DELIB	Portion marking abbreviation for Deliberative Process. Dissemination of information protected by the deliberative process privilege beyond the department, agency, or U.S. Government decision maker who is part of the policy deliberation can result in the loss of the privilege and is prohibited by this marking, unless the executive decision makers at the agency decide to disclose the information outside the bounds of its protection. Note: the Legal Privilege Category marking “PRIVILEGE” must be applied in order to use this limited dissemination control marking.
edit	cui:CUILimitedDissemination-ControlCodeSimpleType	REL TO	Authorized for release to certain nationals only. Information has been predetermined by the designating agency to be releasable or has been released only to the foreign country(ies)/international organization(s) indicated, through established foreign disclosure procedures and channels. It is NOFORN to all foreign country(ies)/international organization(s) not indicated in the REL TO marking. ~Note: See list of approved country codes for use with REL TO here.~ USA must always appear first when using REL TO followed by additional permitted trigraph country codes in alphabetical order.