Critical Energy Infrastructure Information

Designation evidence

• NARA authority row: 18 CFR 388.113 | status: Specified | banner: CUI//SP-CEII.
• DoD authority row: 18 CFR 388.113. DoD lists this citation for the category; this DoD detail page does not display a separate Basic/Specified field.
• Related authority evidence: 18 CFR 388.113 | status: Specified | banner: CUI//SP-CEII
• Related authority evidence: DoD lists this authority for the category; the linked authority text is extracted below when available.
• Registry designation context: Specified, CUI//SP-CEII. The linked authority text contains category-scope or applicability language that helps determine when the information falls within this CUI category. The linked authority text contains disclosure, access, protection, release, dissemination, or distribution-control language relevant to handling. The linked authority text contains violation, penalty, sanction, or enforcement language that may affect consequences for mishandling.
• Registry designation for this category is Specified with banner CUI//SP-CEII.

Extracted authority meaning

• (a) Scope. This section governs the
• Registry designation context: Specified, CUI//SP-CEII. The linked authority text contains category-scope or applicability language that helps determine when the information falls within this CUI category. The linked authority text contains disclosure, access, protection, release, dissemination, or distribution-control language relevant to handling. The linked authority text contains violation, penalty, sanction, or enforcement language that may affect consequences for mishandling.

Operating conditions

• NARA category scope used with this authority: Critical energy infrastructure information means specific engineering, vulnerability, or detailed design information about proposed or existing critical infrastructure that: (i) Relates details about the production, generation, transportation, transmission, or distribution of energy; (ii) Could be useful to a person in planning an attack on critical infrastructure;... and (iii) Does not simply give the general location of the critical infrastructure.
• DoD category scope used with this authority: Critical energy infrastructure information means specific engineering, vulnerability, or detailed design information about proposed or existing critical infrastructure that: (i) Relates details about the production, generation, transportation, transmission, or distribution of energy; (ii) Could be useful to a person in planning an attack on critical infrastructure;... and (iii) Does not simply give the general location of the critical infrastructure.
• 18 CFR 388.113 | status: Specified | banner: CUI//SP-CEII
• DoD lists this authority for the category; the linked authority text is extracted below when available.
• NARA registry status: Specified. Per-authority NARA status values: Specified. NARA banner marking evidence: CUI//SP-CEII. The registry evidence is preserved here; detailed primary-law or regulation text analysis remains pending for this category.
• NARA category scope: Critical energy infrastructure information means specific engineering, vulnerability, or detailed design information about proposed or existing critical infrastructure that: (i) Relates details about the production, generation, transportation, transmission, or distribution of energy; (ii) Could be useful to a person in planning an attack on critical infrastructure;... and (iii) Does not simply give the general location of the critical infrastructure.
• Extracted authority condition: When a FOIA requester brings suit to compel disclosure of informa- tion for which a person has claimed privileged treatment, the Commission will notify the person who submitted the documents of the suit. [Order 769, 77 FR 65476, Oct. 29, 2012, as amended by Order 833, 81 FR 93748, Dec. 21, 2016] § 388.113 Critical Energy/Electric In- frastructure Information (CEII).
• Extracted authority condition: For purposes of this section: (1) Critical electric infrastructure infor- mation means information related to critical electric infrastructure, or pro- posed critical electrical infrastructure, generated by or provided to the Com- mission or other Federal agency other than classified national security infor- mation, that is designated as critical electric infrastructure information by the Commission or the Secretary of the Department of Energy pursuant to sec- tion 215A(d) of the Federal Power Act.
• Extracted authority condition: This section governs the procedures for submitting, designating, handling, sharing, and disseminating Critical Energy/Electric Infrastructure Information (CEII) submitted to or generated by the Commission.
• Extracted authority condition: Critical Electric In- frastructure Information is exempt from mandatory disclosure under the Freedom of Information Act, 5 U.S.C. 552(b)(3) and shall not be made avail- able by any Federal, State, political subdivision or tribal authority pursu- ant to any Federal, State, political subdivision or tribal law requiring pub- lic disclosure of information or records pursuant to section 215A(d)(1)(A) and (B) of the Federal Power Act.

Safeguarding and dissemination controls

• NARA registry control evidence: status Specified; banner marking CUI//SP-CEII.
• Nara basic or specified: Specified
• Nara authority rows: 18 CFR 388.113 | status: Specified | banner: CUI//SP-CEII || 10 CFR 1004.13 | status: Specified | banner: CUI//SP-CEII
• Nara banner markings: CUI//SP-CEII
• No DoD required dissemination control is listed on the registry page. Apply approved limited dissemination controls only when required or permitted by the designating agency or governing authority.
• Use the registry assertions, NARA authority rows, DoD authorities, DoD policies, warning statements, required dissemination controls, and examples first. Where the cited authority does not specify a handling detail, apply CUI Basic safeguards and dissemination rules so long as they do not conflict with the authority or agency-specific controls.
• Extracted authority control: (5) Submitters of CEII shall receive notification of a limited release of CEII no less than five business days before disclosure, except in instances where voluntary sharing is necessary for law enforcement purposes, to maintain in- frastructure security, to address poten- tial threats, when notice would not be practicable, and where there is an ur- gent need to quickly disseminate the information.
• Extracted authority control: The non-disclosure agreement will, at a minimum, require the following: CEII will only be used for the purpose for which it was requested; CEII may only be discussed with authorized recipi- ents; CEII must be kept in a secure place in a manner that would prevent unauthorized access; CEII must be de- stroyed or returned to the Commission upon request; the Commission may audit the recipient’s compliance with the non-disclosure agreement; CEII provided pursuant to the agreement is not subject to release under either FOIA or Sunshine Laws; a recipient is obligated to protect the CEII even after a designation has lapsed until the CEII Coordinator determines the informa- tion should no longer be designated as CEII under paragraph (e)(2) of this sec- tion; and a recipient is required to promptly report all unauthorized dis- closures of CEII to the Commission.
• Extracted authority control: (vi) Subject to the exceptions set forth in paragraph (f)(5) of this section, when a CEII requester seeks informa- tion for which CEII status has been claimed, or when the Commission itself is considering release of such informa- tion, the CEII Coordinator or any other appropriate Commission official will notify the person who submitted the information and give the person an op- portunity (at least five business days) in which to comment in writing on the request.
• Extracted authority control: To obtain access to CEII, an agency employee must sign an ac- knowledgement and agreement, which states that the agency will protect the CEII in the same manner as the Com- mission and will refer any requests for the information to the Commission.
• Extracted authority control: I (4–1–18 Edition) § 388.113 of the organization, and that all indi- viduals in the organization that have access to the CEII will agree to be bound by a non-disclosure agreement that must be executed.
• Extracted authority control: Any officers, employees, or agents of the Commission who knowingly and willfully disclose CEII in a manner that is not authorized under this section will be subject to ap- propriate sanctions, such as removal from the federal service, or possible re- ferral for criminal prosecution.
• Extracted authority control: The jus- tification must provide how the infor- mation, or any portion of the informa- tion, qualifies as CEII, as the terms are defined in paragraphs (c)(1) and (2) of

Designation evidence

• NARA authority row: 10 CFR 1004.13 | status: Specified | banner: CUI//SP-CEII.
• Related authority evidence: 10 CFR 1004.13 | status: Specified | banner: CUI//SP-CEII

Extracted authority meaning

None listed

Operating conditions

• NARA category scope used with this authority: Critical energy infrastructure information means specific engineering, vulnerability, or detailed design information about proposed or existing critical infrastructure that: (i) Relates details about the production, generation, transportation, transmission, or distribution of energy; (ii) Could be useful to a person in planning an attack on critical infrastructure;... and (iii) Does not simply give the general location of the critical infrastructure.
• 10 CFR 1004.13 | status: Specified | banner: CUI//SP-CEII
• NARA registry status: Specified. Per-authority NARA status values: Specified. NARA banner marking evidence: CUI//SP-CEII. The registry evidence is preserved here; detailed primary-law or regulation text analysis remains pending for this category.
• NARA category scope: Critical energy infrastructure information means specific engineering, vulnerability, or detailed design information about proposed or existing critical infrastructure that: (i) Relates details about the production, generation, transportation, transmission, or distribution of energy; (ii) Could be useful to a person in planning an attack on critical infrastructure;... and (iii) Does not simply give the general location of the critical infrastructure.

Safeguarding and dissemination controls

• NARA registry control evidence: status Specified; banner marking CUI//SP-CEII.
• Nara basic or specified: Specified
• Nara authority rows: 18 CFR 388.113 | status: Specified | banner: CUI//SP-CEII || 10 CFR 1004.13 | status: Specified | banner: CUI//SP-CEII
• Nara banner markings: CUI//SP-CEII
• No DoD required dissemination control is listed on the registry page. Apply approved limited dissemination controls only when required or permitted by the designating agency or governing authority.
• Use the registry assertions, NARA authority rows, DoD authorities, DoD policies, warning statements, required dissemination controls, and examples first. Where the cited authority does not specify a handling detail, apply CUI Basic safeguards and dissemination rules so long as they do not conflict with the authority or agency-specific controls.