CUI Training



Please note this CUI training is effective Monday, 11/2/2020. Please contact if you have any questions or concerns.

Center for Development of Security Excellence (CDSE) released a course in late 2020 to formalize a training regimen for those working with CUI. Per CDSE, this course is mandatory training for all of DoD and Industry personnel with access to CUI. The course provides information on the eleven training requirements for accessing, marking, safeguarding, decontrolling and destroying CUI along with the procedures for identifying and reporting security incidents.

Georgia Tech previously used the NARA CUI training to meet this requirement. If you have taken the NARA CUI Training previously, your attestation is good for a grace period of one year from the date you attested to completing the training via DocuSign. We will be happy to check the date of your attestation if you would like us to check if you are still within a said year.

Please understand, however, that we will strongly suggest completion of the newer CDSE CUI Training as soon as possible, and require it after the grace period. This is a DoD mandated training that has replaced the NARA CUI training, and we only require the CDSE CUI Training to be completed once.

Controls Affected

As part of NIST 800-171 compliance, security awareness training to discuss proper storage, processing, and transmitting of CUI is required to meet the following controls:


NIST 800-171 Control Number Control Family Control Text
3.2.1 Awareness and Training Ensure that managers, systems administrators, and users of organizational systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and procedures related to the security of those systems.
3.2.2 Awareness and Training Ensure that personnel are trained to carry out their assigned information security-related duties and responsibilities.
3.2.3 Awareness and Training Provide security awareness training on recognizing and reporting potential indicators of insider threat.


Quick Instructions

There are 2 steps to this training:

  1. Completion of the CDSE Training (linked here and below), which will issue a certificate
  2. Completion of the DocuSign PowerForm (linked here and below) to attest to the completion of the training, and to attach the certificate you received after step 1.
    • This is to ensure the certificate matches to the GT user that took the training.

Detailed Instructions

To meet the requirements of Control Family 3.2 of NIST 800-171, users involved in processing and storing CUI must use the training provided by the Center for Development of Security Intelligence (CDSE) of the Defense Counterintelligence and Security Agency, located on this page (You can also click the image below to access the page).

The training issues a certificate upon completion.

Once complete, please navigate to this page (also accessible via image below) to sign off and attest that you have completed the training available.

IMPORTANT: The form will ask you to authenticate before accessing. Be sure to login with your Georgia Tech username followed by “”.

If you have any questions concerning this process, please let us know by emailing