NIST SP 800-171 & CMMC 2.0 3.8.4 Requirement:

Mark media with necessary “Controlled Unclassified Information” (CUI) markings and distribution limitations.

NIST SP 800-171 & CMMC 2.0 3.8.4 Requirement Explanation:

The term marking refers to applying notices on digital and non-digital media indicating that they contain controlled information. By marking media, employees are aware of the security processes and policies associated with handling the data.

Example NIST SP 800-171 & CMMC 2.0 3.8.4 Implementation:

Mark any digital media containing CUI with a label reading "controlled". This includes thumb drives, CD's, and hard drives. Mention CUI in your system usage notification notifications (see practice AC.2.005). Mark non-digital media such as papers containing CUI. Post a notice outside of rooms where CUI is stored. Mark containers that hold CUI. Use the "Marking "Controlled Unclassified Information Guide" released by the national archives as a reference when marking and labeling CUI.

NIST SP 800-171 & CMMC 2.0 3.8.4 Scenario(s):

- Scenario 1:

You have several hard drives and thumb drives containing CUI. To indicate that they require additional care when handled you print out a marking reading "controlled" and tape it to the drives.

- Scenario 2:

You have several file cabinets that you want to use to store paperwork containing CUI. To indicate that it contains CUI you mark it with a printout reading " Contains Controlled Unclassified Information".

- Scenario 3:

You are creating a document that will contain CUI. To indicate that it contains CUI you type "Controlled" at the top and bottom of the document.
 

Quick & Simple

Discover Our Cybersecurity Compliance Solutions:

Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you

CMMC Level 1 Compliance App

CMMC Level 1 Compliance

Become compliant, provide compliance services, or verify partner compliance with CMMC Level 1 Basic Safeguarding of Covered Contractor Information Systems requirements.
Learn More
NIST SP 800-171 & CMMC Level 2 Compliance App

NIST SP 800-171 & CMMC Level 2 Compliance

Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC Level 2 requirements.
Learn More
HIPAA Compliance App

HIPAA Compliance

Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
Learn More
ISO 27001 Compliance App

ISO 27001 Compliance

Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.
Learn More
FAR 52.204-21 Compliance App

FAR 52.204-21 Compliance

Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
Learn More