CUI Spillage
Also known as: Data spillage
An incident in which CUI ends up in a system, location, or possession that is not authorized to handle it. Reportable and remediable under CMMC requirements.
CUI spillage is an incident in which Controlled Unclassified Information ends up in a system, location, repository, or person's possession that is not authorized to handle it. Common spillage scenarios include: an employee emailing CUI from the in-scope environment to a personal email address, a file being uploaded to a non-CUI-authorized cloud service, or CUI being inadvertently shared with an unauthorized contractor.
When spillage occurs, the contractor must contain it (recover the CUI from the unauthorized location or destroy it there), document the incident, assess whether the spillage rises to the level of a reportable cyber incident, and take corrective action to prevent recurrence.
CMMCDocs.com