CMMC Training Academy
CUI Explorer

DoD Critical Infrastructure Security Information

Information that, if disclosed, would reveal vulnerabilities in the DoD critical infrastructure and, if exploited, would likely result in the significant disruption, destruction, or damage of or to DoD operations, property, or facilities, including information regarding the securing and safeguarding of explosives, hazardous chemicals, or pipelines, related to critical infrastructure or protected systems owned or operated on behalf of the DoD, including vulnerability assessments prepared by or on behalf of the DoD, explosives safety information (including storage and handling), and other site-specific information on or relating to installation security.

Registry statusNARA & DoD
MarkingDCRIT
Organizational index groupDefense
Updated2026-05-15

This page exposes extracted CUI registry and authority analysis as crawlable text. The interactive explorer remains the operational workspace for filtering, comparison, and voice-agent aligned study.

Open interactive explorer

Registry comparison

Field NARA Registry DoD Registry
Category description Information that, if disclosed, would reveal vulnerabilities in the DoD critical infrastructure and, if exploited, would likely result in the significant disruption, destruction, or damage of or to DoD operations, property, or facilities, including information regarding the securing and safeguarding of explosives, hazardous chemicals, or pipelines, related to critical infrastructure or protected systems owned or operated on behalf of the DoD, including vulnerability assessments prepared by or on behalf of the DoD, explosives safety information (including storage and handling), and other site-specific information on or relating to installation security. Information that, if disclosed, would reveal vulnerabilities in the DoD critical infrastructure and, if exploited, would likely result in the significant disruption, destruction, or damage of or to DoD operations, property, or facilities, including information regarding the securing and safeguarding of explosives, hazardous chemicals, or pipelines, related to critical infrastructure or protected systems owned or operated on behalf of the DoD, including vulnerability assessments prepared by or on behalf of the DoD, explosives safety information (including storage and handling), and other site-specific information on or relating to installation security.
Category marking DCRIT DCRIT
Banner marking CUI No corresponding field
Basic or Specified Basic No corresponding field
Authorities 10 USC 130e 10 USC 130e, Presidential Policy Directive 21
DoD applicable policies No corresponding field None listed
Required warning statement No corresponding field None listed
Required dissemination control CUI None listed
Examples No corresponding field DoD priority installations, Security of weapons storage facilities, Structure vulnerabilities, NECC TOA/Information, SAWS inventory, Site security surveys for DoD assets, Program assessments for AT, LE, PS equities, Maps, diagrams, drawings of internal infrastructure
Registry date May 8, 2025 2026-05-15

Authority analysis

Authority title
Registry authority evidence compiled; primary authority text analysis pending
Authorities
Multiple registry authorities
Source currency
NARA last reviewed: May 8, 2025 | DoD detail accessed: 2026-05-15
How the authority operates
NARA registry status: Basic. Per-authority NARA status values: Basic. NARA banner marking evidence: CUI. The registry evidence is preserved here; detailed primary-law or regulation text analysis remains pending for this category.

Trigger conditions

  • NARA category scope: Information that, if disclosed, would reveal vulnerabilities in the DoD critical infrastructure and, if exploited, would likely result in the significant disruption, destruction, or damage of or to DoD operations, property, or facilities, including information regarding the securing and safeguarding of explosives, hazardous chemicals, or pipelines, related to critical infrastructure or protected systems owned or operated on behalf of the DoD, including vulnerability assessments prepared by or on behalf of the DoD, explosives safety information (including storage and handling), and other site-specific information on or relating to installation security.

Covered information

  • DoD priority installations
  • Security of weapons storage facilities
  • Structure vulnerabilities
  • NECC TOA/Information
  • SAWS inventory
  • Site security surveys for DoD assets
  • Program assessments for AT, LE, PS equities
  • Maps, diagrams, drawings of internal infrastructure
  • Registry-described information: Information that, if disclosed, would reveal vulnerabilities in the DoD critical infrastructure and, if exploited, would likely result in the significant disruption, destruction, or damage of or to DoD operations, property, or facilities, including information regarding the securing and safeguarding of explosives, hazardous chemicals, or pipelines, related to critical infrastructure or protected systems owned or operated on behalf of the DoD, including vulnerability assessments prepared by or on behalf of the DoD, explosives safety information (including storage and handling), and other site-specific information on or relating to installation security.

Specified controls

Nara basic or specified
Basic
Nara authority rows
10 USC 130e | status: Basic | banner: CUI
Nara banner markings
CUI

Safeguarding and dissemination controls

NARA Registry
CUI
DoD Registry
None listed
Authority analysis
No DoD required dissemination control is listed on the registry page. Apply approved limited dissemination controls only when required or permitted by the designating agency or governing authority.
Basic or Specified
Use the registry assertions, NARA authority rows, DoD authorities, DoD policies, warning statements, required dissemination controls, and examples first. Where the cited authority does not specify a handling detail, apply CUI Basic safeguards and dissemination rules so long as they do not conflict with the authority or agency-specific controls.

Related authorities

Authority-by-authority detail

10 USC 130e

Listed by: NARA Registry, DoD Registry, Related authorities

Designation evidence

  • NARA authority row: 10 USC 130e | status: Basic | banner: CUI.
  • DoD authority row: 10 USC 130e. DoD lists this citation for the category; this DoD detail page does not display a separate Basic/Specified field.
  • Related authority evidence: 10 USC 130e | status: Basic | banner: CUI
  • Related authority evidence: DoD lists this authority for the category; the linked authority text is extracted below when available.
  • Registry designation context: Basic, CUI. The linked authority text contains category-scope or applicability language that helps determine when the information falls within this CUI category. The linked authority text contains disclosure, access, protection, release, dissemination, or distribution-control language relevant to handling. The linked authority text contains violation, penalty, sanction, or enforcement language that may affect consequences for mishandling.
  • Registry designation for this category is Basic with banner CUI.

Extracted authority meaning

  • Page 131 TITLE 10—ARMED FORCES § 130f
  • Registry designation context: Basic, CUI. The linked authority text contains category-scope or applicability language that helps determine when the information falls within this CUI category. The linked authority text contains disclosure, access, protection, release, dissemination, or distribution-control language relevant to handling. The linked authority text contains violation, penalty, sanction, or enforcement language that may affect consequences for mishandling.

Operating conditions

  • NARA category scope used with this authority: Information that, if disclosed, would reveal vulnerabilities in the DoD critical infrastructure and, if exploited, would likely result in the significant disruption, destruction, or damage of or to DoD operations, property, or facilities, including information regarding the securing and safeguarding of explosives, hazardous chemicals, or pipelines, related to critical infrastructure or protected systems owned or operated on behalf of the DoD, including vulnerability assessments prepared by or on behalf of the DoD, explosives safety information (including storage and handling), and other site-specific information on or relating to installation security.
  • DoD category scope used with this authority: Information that, if disclosed, would reveal vulnerabilities in the DoD critical infrastructure and, if exploited, would likely result in the significant disruption, destruction, or damage of or to DoD operations, property, or facilities, including information regarding the securing and safeguarding of explosives, hazardous chemicals, or pipelines, related to critical infrastructure or protected systems owned or operated on behalf of the DoD, including vulnerability assessments prepared by or on behalf of the DoD, explosives safety information (including storage and handling), and other site-specific information on or relating to installation security.
  • 10 USC 130e | status: Basic | banner: CUI
  • DoD lists this authority for the category; the linked authority text is extracted below when available.
  • NARA registry status: Basic. Per-authority NARA status values: Basic. NARA banner marking evidence: CUI. The registry evidence is preserved here; detailed primary-law or regulation text analysis remains pending for this category.
  • NARA category scope: Information that, if disclosed, would reveal vulnerabilities in the DoD critical infrastructure and, if exploited, would likely result in the significant disruption, destruction, or damage of or to DoD operations, property, or facilities, including information regarding the securing and safeguarding of explosives, hazardous chemicals, or pipelines, related to critical infrastructure or protected systems owned or operated on behalf of the DoD, including vulnerability assessments prepared by or on behalf of the DoD, explosives safety information (including storage and handling), and other site-specific information on or relating to installation security.
  • Extracted authority condition: (2)(A) A State or local law authorizing or re- quiring a State or local government to disclose Department of Defense critical infrastructure security information that is covered by a writ- ten determination under subsection (a) shall not apply to such information.
  • Extracted authority condition: (f) D EFINITION.—In this section, the term ‘‘De- partment of Defense critical infrastructure secu- rity information’’ means sensitive but unclassi- fied information that, if disclosed, would reveal vulnerabilities in Department of Defense criti- cal infrastructure that, if exploited, would like- ly result in the significant disruption, destruc- tion, or damage of or to Department of Defense operations, property, or facilities, including in- formation regarding the securing and safeguard- ing of explosives, hazardous chemicals, or pipe- lines, related to critical infrastructure or pro- tected systems owned or operated by or on be- half of the Department of Defense, including vulnerability assessments prepared by or on be- half of the Department of Defense, explosives safety information (including storage and han- dling), and other site-specific information on or relating to installation security.
  • Extracted authority condition: (b) read as follows: ‘‘Department of De- fense critical infrastructure security information cov- ered by a written determination under subsection (a) that is provided to a State or local government shall remain under the control of the Department of De- fense.’’ 2015—Pub.
  • Extracted authority condition: (c) I NFORMATIONPROVIDED TOSTATE AND L OCALGOVERNMENTS.—(1) Department of De- fense critical infrastructure security informa- tion covered by a written determination under subsection (a) or designated under subsection (b) that is provided to a State or local government shall remain under the control of the Depart- ment of Defense.
  • Extracted authority condition: Treatment under Freedom of Information Act of certain critical infrastructure security information (a) E XEMPTION.—The Secretary of Defense may exempt Department of Defense critical infra- structure security information from disclosure pursuant to section 552(b)(3) of title 5, upon a written determination that— (1) the information is Department of Defense critical infrastructure security information; and (2) the public interest consideration in the disclosure of such information does not out- weigh preventing the disclosure of such infor- mation.

Safeguarding and dissemination controls

  • NARA registry control evidence: status Basic; banner marking CUI.
  • Nara basic or specified: Basic
  • Nara authority rows: 10 USC 130e | status: Basic | banner: CUI
  • Nara banner markings: CUI
  • No DoD required dissemination control is listed on the registry page. Apply approved limited dissemination controls only when required or permitted by the designating agency or governing authority.
  • Use the registry assertions, NARA authority rows, DoD authorities, DoD policies, warning statements, required dissemination controls, and examples first. Where the cited authority does not specify a handling detail, apply CUI Basic safeguards and dissemination rules so long as they do not conflict with the authority or agency-specific controls.
  • Extracted authority control: (b) D ESIGNATION OFDEPARTMENT OFDEFENSE CRITICALINFRASTRUCTURESECURITYINFORMA- TION.—In addition to any other authority or re- quirement regarding protection from dissemina- tion of information, the Secretary may des- ignate information as being Department of De- fense critical infrastructure security informa- tion, including during the course of creating such information, to ensure that such informa- tion is not disseminated without authorization.
  • Extracted authority control: (f) D EFINITION.—In this section, the term ‘‘De- partment of Defense critical infrastructure secu- rity information’’ means sensitive but unclassi- fied information that, if disclosed, would reveal vulnerabilities in Department of Defense criti- cal infrastructure that, if exploited, would like- ly result in the significant disruption, destruc- tion, or damage of or to Department of Defense operations, property, or facilities, including in- formation regarding the securing and safeguard- ing of explosives, hazardous chemicals, or pipe- lines, related to critical infrastructure or pro- tected systems owned or operated by or on be- half of the Department of Defense, including vulnerability assessments prepared by or on be- half of the Department of Defense, explosives safety information (including storage and han- dling), and other site-specific information on or relating to installation security.
  • Extracted authority control: (b) P ROCEDURES.—(1) The Secretary of Defense shall establish and submit to the congressional defense committees procedures for complying with the requirements of subsection (a) consist- ent with the national security of the United States and the protection of operational integ- rity.
  • Extracted authority control: Treatment under Freedom of Information Act of certain confidential information shared with State and local personnel Confidential business information and other sensitive but unclassified homeland security in- formation in the possession of the Department of Defense that is shared, pursuant to section 892 of the Homeland Security Act of 2002 (6 U.S.C.
  • Extracted authority control: 482), with State and local personnel (as defined in such section) shall not be subject to disclo- sure under section 552 of title 5 by virtue of the sharing of such information with such person- nel.

Authority excerpts

Most relevant extracted authority passage

(b) D ESIGNATION OFDEPARTMENT OFDEFENSE CRITICALINFRASTRUCTURESECURITYINFORMA- TION.—In addition to any other authority or re- quirement regarding protection from dissemina- tion of information, the Secretary may des- ignate information as being Department of De- fense critical infrastructure security informa- tion, including during the course of creating such information, to ensure that such informa- tion is not disseminated without authorization.

Extracted authority passage 2

(f) D EFINITION.—In this section, the term ‘‘De- partment of Defense critical infrastructure secu- rity information’’ means sensitive but unclassi- fied information that, if disclosed, would reveal vulnerabilities in Department of Defense criti- cal infrastructure that, if exploited, would like- ly result in the significant disruption, destruc- tion, or damage of or to Department of Defense operations, property, or facilities, including in- formation regarding the securing and safeguard- ing of explosives, hazardous chemicals, or pipe- lines, related to critical infrastructure or pro- tected systems owned or operated by or on be- half of the Department of Defense, including vulnerability assessments prepared by or on be- half of the Department of Defense, explosives safety information (including storage and han- dling), and other site-specific information on or relating to installation security.

Extracted authority passage 3

(b) P ROCEDURES.—(1) The Secretary of Defense shall establish and submit to the congressional defense committees procedures for complying with the requirements of subsection (a) consist- ent with the national security of the United States and the protection of operational integ- rity.

Extracted authority passage 4

Treatment under Freedom of Information Act of certain confidential information shared with State and local personnel Confidential business information and other sensitive but unclassified homeland security in- formation in the possession of the Department of Defense that is shared, pursuant to section 892 of the Homeland Security Act of 2002 (6 U.S.C.

Extracted authority passage 5

(2)(A) A State or local law authorizing or re- quiring a State or local government to disclose Department of Defense critical infrastructure security information that is covered by a writ- ten determination under subsection (a) shall not apply to such information.

Extracted authority passage 6

(b) read as follows: ‘‘Department of De- fense critical infrastructure security information cov- ered by a written determination under subsection (a) that is provided to a State or local government shall remain under the control of the Department of De- fense.’’ 2015—Pub.

Presidential Policy Directive 21

Listed by: DoD Registry, Related authorities

Designation evidence

  • DoD authority row: Presidential Policy Directive 21. DoD lists this citation for the category; this DoD detail page does not display a separate Basic/Specified field.
  • Related authority evidence: DoD lists this authority for the category; the linked authority text is extracted below when available.
  • Registry designation context: Basic, CUI. The linked authority text contains category-scope or applicability language that helps determine when the information falls within this CUI category. The linked authority text contains disclosure, access, protection, release, dissemination, or distribution-control language relevant to handling. The linked authority text contains violation, penalty, sanction, or enforcement language that may affect consequences for mishandling.
  • Registry designation for this category is Basic with banner CUI.

Extracted authority meaning

  • Presidential Policy Directive -- Critical Infrastructure Security and Resilience | whitehouse.gov
  • Registry designation context: Basic, CUI. The linked authority text contains category-scope or applicability language that helps determine when the information falls within this CUI category. The linked authority text contains disclosure, access, protection, release, dissemination, or distribution-control language relevant to handling. The linked authority text contains violation, penalty, sanction, or enforcement language that may affect consequences for mishandling.

Operating conditions

  • DoD category scope used with this authority: Information that, if disclosed, would reveal vulnerabilities in the DoD critical infrastructure and, if exploited, would likely result in the significant disruption, destruction, or damage of or to DoD operations, property, or facilities, including information regarding the securing and safeguarding of explosives, hazardous chemicals, or pipelines, related to critical infrastructure or protected systems owned or operated on behalf of the DoD, including vulnerability assessments prepared by or on behalf of the DoD, explosives safety information (including storage and handling), and other site-specific information on or relating to installation security.
  • DoD lists this authority for the category; the linked authority text is extracted below when available.
  • NARA registry status: Basic. Per-authority NARA status values: Basic. NARA banner marking evidence: CUI. The registry evidence is preserved here; detailed primary-law or regulation text analysis remains pending for this category.
  • NARA category scope: Information that, if disclosed, would reveal vulnerabilities in the DoD critical infrastructure and, if exploited, would likely result in the significant disruption, destruction, or damage of or to DoD operations, property, or facilities, including information regarding the securing and safeguarding of explosives, hazardous chemicals, or pipelines, related to critical infrastructure or protected systems owned or operated on behalf of the DoD, including vulnerability assessments prepared by or on behalf of the DoD, explosives safety information (including storage and handling), and other site-specific information on or relating to installation security.
  • Extracted authority condition: Within 240 days of the date of this directive, the Secretary of Homeland Security shall demonstrate a near real-time situational awareness capability for critical infrastructure that includes threat streams and all-hazards information as well as vulnerabilities; provides the status of critical infrastructure and potential cascading effects; supports decision making; and disseminates critical information that may be needed to save or sustain lives, mitigate damage, or reduce further degradation of a critical infrastructure capability throughout an incident.
  • Extracted authority condition: 5) Support the Secretary of Homeland Security's statutorily required reporting requirements by providing on an annual basis sector-specific critical infrastructure information.
  • Extracted authority condition: Within 180 days of the date of this directive, the Secretary of Homeland Security, in coordination with the SSAs and other Federal departments and agencies, shall convene a team of experts to identify baseline data and systems requirements to enable the efficient exchange of information and intelligence relevant to strengthening the security and resilience of critical infrastructure.
  • Extracted authority condition: Within 2 years of the date of this directive, the Secretary of Homeland Security, in coordination with the OSTP, the SSAs, DOC, and other Federal departments and agencies, shall provide to the President, through the Assistant to the President for Homeland Security and Counterterrorism, a National Critical Infrastructure Security and Resilience R&D Plan that takes into account the evolving threat landscape, annual metrics, and other relevant information to identify priorities and guide R&D requirements and investments.

Safeguarding and dissemination controls

  • Nara basic or specified: Basic
  • Nara authority rows: 10 USC 130e | status: Basic | banner: CUI
  • Nara banner markings: CUI
  • No DoD required dissemination control is listed on the registry page. Apply approved limited dissemination controls only when required or permitted by the designating agency or governing authority.
  • Use the registry assertions, NARA authority rows, DoD authorities, DoD policies, warning statements, required dissemination controls, and examples first. Where the cited authority does not specify a handling detail, apply CUI Basic safeguards and dissemination rules so long as they do not conflict with the authority or agency-specific controls.
  • Extracted authority control: Interoperability with critical infrastructure partners; identification of key data and the information requirements of key Federal, SLTT, and private sector entities; availability, accessibility, and formats of data; the ability to exchange various classifications of information; and the security of those systems to be used; and appropriate protections for individual privacy and civil liberties should be included in the analysis.
  • Extracted authority control: This directive revokes Homeland Security Presidential Directive/HSPD-7, Critical Infrastructure Identification, Prioritization, and Protection, issued December 17, 2003.
  • Extracted authority control: Within 240 days of the date of this directive, the Secretary of Homeland Security shall demonstrate a near real-time situational awareness capability for critical infrastructure that includes threat streams and all-hazards information as well as vulnerabilities; provides the status of critical infrastructure and potential cascading effects; supports decision making; and disseminates critical information that may be needed to save or sustain lives, mitigate damage, or reduce further degradation of a critical infrastructure capability throughout an incident.
  • Extracted authority control: In addition, information security policies, directives, standards, and guidelines for safeguarding national security systems shall be overseen as directed by the President, applicable law, and in accordance with that direction, carried out under the authority of the heads of agencies that operate or exercise authority over such national security systems.
  • Extracted authority control: Within 240 days of the date of this directive, the Secretary of Homeland Security shall provide to the President, through the Assistant to the President for Homeland Security and Counterterrorism, a successor to the National Infrastructure Protection Plan to address the implementation of this directive, the requirements of Title II of the Homeland Security Act of 2002 as amended, and alignment with the National Preparedness Goal and System required by PPD-8.
  • Extracted authority control: As a result, Federal functions related to critical infrastructure security and resilience shall be clarified and refined to establish baseline capabilities that will reflect this evolution of knowledge, to define relevant Federal program functions, and to facilitate collaboration and information exchange between and among the Federal Government, critical infrastructure owners and operators, and SLTT entities.

Authority excerpts

Most relevant extracted authority passage

Interoperability with critical infrastructure partners; identification of key data and the information requirements of key Federal, SLTT, and private sector entities; availability, accessibility, and formats of data; the ability to exchange various classifications of information; and the security of those systems to be used; and appropriate protections for individual privacy and civil liberties should be included in the analysis.

Extracted authority passage 2

This directive revokes Homeland Security Presidential Directive/HSPD-7, Critical Infrastructure Identification, Prioritization, and Protection, issued December 17, 2003.

Extracted authority passage 3

Within 240 days of the date of this directive, the Secretary of Homeland Security shall demonstrate a near real-time situational awareness capability for critical infrastructure that includes threat streams and all-hazards information as well as vulnerabilities; provides the status of critical infrastructure and potential cascading effects; supports decision making; and disseminates critical information that may be needed to save or sustain lives, mitigate damage, or reduce further degradation of a critical infrastructure capability throughout an incident.

Extracted authority passage 4

In addition, information security policies, directives, standards, and guidelines for safeguarding national security systems shall be overseen as directed by the President, applicable law, and in accordance with that direction, carried out under the authority of the heads of agencies that operate or exercise authority over such national security systems.

Extracted authority passage 5

Within 240 days of the date of this directive, the Secretary of Homeland Security shall provide to the President, through the Assistant to the President for Homeland Security and Counterterrorism, a successor to the National Infrastructure Protection Plan to address the implementation of this directive, the requirements of Title II of the Homeland Security Act of 2002 as amended, and alignment with the National Preparedness Goal and System required by PPD-8.

Extracted authority passage 6

5) Support the Secretary of Homeland Security's statutorily required reporting requirements by providing on an annual basis sector-specific critical infrastructure information.