This objective requires your organization to identify security risks related to how Controlled Unclassified Information (CUI) is processed, stored, or transmitted within your systems. This is the foundation for proactive risk management and CUI protection.