Data Flow Diagram

A data flow diagram (DFD) in the cybersecurity context maps how sensitive data — particularly CUI — moves through your organization's systems, networks, and processes. It shows where CUI enters your environment, where it's stored, how it's processed, who accesses it, and where it's transmitted — both internally and to external parties.

CUI data flow diagrams are essential components of your System Security Plan. They help assessors understand the scope of your CUI environment and verify that appropriate security controls are in place at every point where CUI is stored, processed, or transmitted.

Why It Matters

Assessors use data flow diagrams to understand your CUI environment and verify that controls are applied everywhere CUI exists. Inaccurate or incomplete data flow diagrams can lead to missed controls and assessment findings.