Official websites use .mil
Secure .mil websites use HTTPS
Not necessarily. It depends on what PII is on the document. The document becomes CUI when individual pieces of PII are combined which can then be used collaboratively to identify a specific individual. Examples of PII include:
When a Federal agency requests that you provide personal information (name, date of birth, social security number, etc.) for a system of records, regardless of the method used to collect the information (i.e., forms, personal or telephonic interview, etc.), a Privacy Act Statement (PAS) is required. If the information requested will not be included in a system of records, a PAS is not required. Is the DD Form 2875, "System Access Authorization Request," CUI because it contains the EDIPI? No, presence of the EDIPI (DoD ID number) alone does not make the form CUI. What is PII? PII is any information that permits the identity of an individual to be directly or indirectly inferred, including any information which is linked or linkable to an individual. Some PII is not sensitive, such as that found on a business card, and would not be CUI Privacy information. Other PII is sensitive PII, which if lost, compromised, or disclosed without authorization, could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual. Sensitive PII requires stricter handling guidelines and, in most cases, is controlled as CUI Privacy. Examples of sensitive PII that should be controlled as CUI Privacy include: Social Security number (SSN), alien registration number (A-Number), or biometric identifier (e.g., fingerprint, iris scan). Other data elements such as a driver's license number, financial information, citizenship or immigration status, or medical information, in conjunction with the identity of an individual, are also considered Sensitive PII. Sometimes, the context of the PII may determine its sensitivity.