This Boston University guidance defines the requirements for handling and protecting information, including CUI. The document links to other useful sites (e.g. Data Classification Policy, Data Access Management Policies) that expand on the control of CUI and authorizations to access CUI.
This guideline provides an example of Data Classification framework that defines categories for data.
This website from Gartner provides reviews and rating for PAM Tools.
This ISOO presentation describes CUI program and what it is that needs to be protected.
The NC policy describes common security controls (e.g., proxies, gateways, routers, firewalls, guards, encrypted tunnels, web content filters, data loss prevention) and their application in controlling information flows. (See Section AC-4 – Information Flow Enforcement, p. 6)