---
title: "How does Wasabi support Controlled Unclassified Information (CUI)?"
slug: "how-does-wasabi-support-controlled-unclassified-information-cui"
updated: 2026-01-30T20:18:58Z
published: 2026-01-30T20:18:58Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://docs.wasabi.com/llms.txt
> Use this file to discover all available pages before exploring further.

# How does Wasabi support Controlled Unclassified Information (CUI)?

Wasabi addresses Controlled Unclassified Information (CUI) compliance by providing customers with the ability to safeguard their CUI in accordance with [Presidential Executive Order 13556](https://obamawhitehouse.archives.gov/the-press-office/2010/11/04/executive-order-13556-controlled-unclassified-information)and [32 CFR Part 2002](https://www.ecfr.gov/current/title-32/subtitle-B/chapter-XX/part-2002). The CUI program requires that CUI be stored or handled in controlled environments that prevent or detect unauthorized access and limit and control access to CUI within the workforce by establishing electronic barriers. Wasabi meets these requirements for handling CUI:

- Provides [US Storage Regions](/v1/docs/where-is-my-data-stored-and-how-are-wasabis-storage-regions-secured)
- Customers are responsible for creating and managing their [users](https://docs.wasabi.com/docs/users-1), [access keys](https://docs.wasabi.com/docs/access-keys-1), [roles](https://docs.wasabi.com/docs/roles-1), [groups](https://docs.wasabi.com/docs/groups-2), and [policies](https://docs.wasabi.com/docs/policies-1)
- Customers are responsible for creating and managing their [Root Users](https://docs.wasabi.com/docs/users-1?highlight=root%20user)
- Supports Server-side encryption with customer-provided encryption keys [(SSE-C](https://docs.wasabi.com/docs/how-does-sse-c-encryption-work-with-wasabi))
- Restricts access to the S3 bucket(s) containing CUI and downloads to customer-authorized [users](https://docs.wasabi.com/docs/users-1)with valid [access keys](https://docs.wasabi.com/docs/access-keys-1)
- Customer [Root Users](https://docs.wasabi.com/docs/users-1?highlight=root%20user) are able to generate and download both [administrative logs](https://docs.wasabi.com/docs/administrative-logging) and [bucket log](https://docs.wasabi.com/docs/bucket-logging-enabledisable)s to review and track activity
- Protects both sensitive data/CUI and non-CUI data with [encryption](https://docs.wasabi.com/docs/how-does-wasabi-protect-against-malicious-encryption)
- Maintains information security policies
- Regularly tests security systems and processes
- Regularly monitors and tests networks
- Implements strong access control measures
- Tracks and monitors all access to network resources and sensitive data

Also, review [Wasabi's recommended general user security Best Practices](https://docs.wasabi.com/docs/what-are-wasabis-recommended-general-user-security-best-practices?), an additional guide to help [Root Users](https://docs.wasabi.com/docs/users-1?highlight=root%20user) protect their Wasabi cloud data.

**Keywords:** CUI, Controlled Unclassified Information, Executive Order 13556, CCMC, [NIST](https://csrc.nist.gov/glossary/term/controlled_unclassified_information) (800-37, 800-53, 800-171, 800-172A)

A logical software container in which to store objects. Wasabi stores objects (folders and files) in buckets. Once you create a storage bucket, you can upload objects into the bucket. You can create up to 1000 buckets per account.