The level of system and network configuration required for Controlled Unclassified Information (CUI) is at a moderate level of confidentiality. This means that organizations handling CUI must adhere to specific security standards and best practices to safeguard this information. According to the Department of Defense (DoD), DIB contractors must be CMMC Certified Level 3 by a C3PAO to handle CUI, as mandated by DFARS Clause 252.204-7012, 252.204-7019, 252.204-7020, and 252.204-7021. The system network configuration for CUI involves various key elements, including network segmentation, access controls, encryption, logging and monitoring, and regular vulnerability assessments. Inadequate system network configuration for CUI can result in unauthorized access to CUI, data breaches, and potential legal and regulatory consequences, as well as damage to an organization’s reputation and erosion of customer trust.