NIST SP 800-171 & CMMC 2.0 3.8.4 Requirement:
Mark media with necessary “Controlled Unclassified Information” (CUI) markings and distribution limitations.
NIST SP 800-171 & CMMC 2.0 3.8.4 Requirement Explanation:
The term marking refers to applying notices on digital and non-digital media indicating that they contain controlled information. By marking media, employees are aware of the security processes and policies associated with handling the data.
Example NIST SP 800-171 & CMMC 2.0 3.8.4 Implementation:
Mark any digital media containing CUI with a label reading "controlled". This includes thumb drives, CD's, and hard drives. Mention CUI in your system usage notification notifications (see practice AC.2.005). Mark non-digital media such as papers containing CUI. Post a notice outside of rooms where CUI is stored. Mark containers that hold CUI. Use the "Marking "Controlled Unclassified Information Guide" released by the national archives as a reference when marking and labeling CUI.
NIST SP 800-171 & CMMC 2.0 3.8.4 Scenario(s):
- Scenario 1:
You have several hard drives and thumb drives containing CUI. To indicate that they require additional care when handled you print out a marking reading "controlled" and tape it to the drives.
- Scenario 2:
You have several file cabinets that you want to use to store paperwork containing CUI. To indicate that it contains CUI you mark it with a printout reading " Contains Controlled Unclassified Information".
- Scenario 3:
You are creating a document that will contain CUI. To indicate that it contains CUI you type "Controlled" at the top and bottom of the document.
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you