On September 14, 2016, the National Archives and Record Administration (“NARA”) issued a Final Rule, effective November 13, 2016, establishing cross-agency practices and procedures for safeguarding, disseminating, controlling, destroying, and marking Controlled Unclassified Information (CUI). Although the Final Rule only applies directly to executive branch agencies that designate or handle information that meets the standards for CUI, it also applies indirectly to non-executive branch entities through incorporation into agreements. These non-executive branch entities include contractors whose agreements will include CUI handling requirements. Accordingly, contractors must be aware of the new rule’s requirements, which will almost certainly be encapsulated in an expected final FAR clause that will govern contractor CUI safeguarding (and potentially impose cyber incident reporting requirements) across the Government. More information regarding the Final Rule can be found in a Covington & Burling Client Alert that was issued following publication of the rule, available here.