What is the primary purpose of DoD Instruction 5200.48?

The key idea is that protecting Controlled Unclassified Information (CUI) across the DoD requires a clear policy framework with assigned responsibilities. DoD Instruction 5200.48 establishes that framework, setting the rules for how CUI should be protected, stored, transmitted, and accessed throughout all DoD components and contractors. It designates who is responsible for implementing and enforcing the protection, outlines the controls and practices that must be in place, and ensures there is accountability and oversight across the entire department. This focus on policy direction and role assignment is what makes it the best choice, because it covers the governance and implementation necessary to safeguard CUI everywhere, rather than addressing classification decisions, cyber incident response, or physical facility access—areas governed by other policies. In practice, this means standardized requirements for labeling, handling, sharing restrictions, and responsibility for monitoring compliance across the DoD.