How should CUI be stored in DoD information systems?

Safeguarding CUI in DoD information systems means storing it in secure locations where access is tightly controlled, and where users are properly authenticated, with encryption applied as required. This layered approach prevents unauthorized entry and ensures that even if storage media are exposed, the data remains unreadable without the proper credentials. The requirement to use secure facilities or protected storage and to encrypt data at rest (where mandated) aligns with DoD safeguarding standards that emphasize controlling who can see the information and how it is protected in storage. Storing CUI on personal devices, leaving paper CUI on desks, or using a public cloud with no controls would bypass these protections and significantly raise the risk of disclosure.