CMMC 1.0 Practice MP.3.125 Requirement:
Implement cryptographic mechanisms to protect the confidentiality of “Controlled Unclassified Information” (CUI) stored on digital media during transport unless otherwise protected by alternative physical safeguards.
CMMC 1.0 MP.3.125 Requirement Explanation:
This requirement generally applies to portable storage devices such as USB thumb drives, CDs, DVDs, and external hard drives. Any digital media containing FCI or CUI that is transported outside of your facility must be encrypted or stored in a locked container.
Example CMMC 1.0 MP.3.125 Implementation:
Encrypt any digital media containing FCI or CUI that you intend to transport outside of your facilities. In general it is a good idea to encrypt all digital media when feasible.
CMMC 1.0 MP.3.125 Scenario(s):
- Scenario 1:
Your company wants to store its backups with a third party off-site. To protect the CUI on the backup drives it encrypts them. The third party is thus unable to access the CUI on the drives.
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
NIST SP 800-171 & CMMC Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
HIPAA Compliance
Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
FAR 52.204-21 Compliance
Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
ISO 27001 Compliance
Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.