NIST SP 800-171 & CMMC 2.0 - 3.8.3
Sanitize or destroy information system media containing Federal Contract Information or controlled unclassified information before disposal or release for reuse.
NIST SP 800-171 & CMMC 2.0 - 3.8.1
Protect (i.e., physically control and securely store) system media containing Federal Contract Information, both paper and digital.
NIST SP 800-171 & CMMC 2.0 - 3.8.2
Limit access to “Controlled Unclassified Information” (CUI) on system media to authorized users.
NIST SP 800-171 & CMMC 2.0 - 3.8.7
Control the use of removable media on system components.
NIST SP 800-171 & CMMC 2.0 - 3.8.4
Mark media with necessary “Controlled Unclassified Information” (CUI) markings and distribution limitations.
NIST SP 800-171 & CMMC 2.0 - 3.8.8
Prohibit the use of portable storage devices when such devices have no identifiable owner.
NIST SP 800-171 & CMMC 2.0 - 3.8.5
Control access to media containing “Controlled Unclassified Information” (CUI) and maintain accountability for media during transport outside of controlled areas.
NIST SP 800-171 & CMMC 2.0 - 3.8.6
Implement cryptographic mechanisms to protect the confidentiality of “Controlled Unclassified Information” (CUI) stored on digital media during transport unless otherwise protected by alternative physical safeguards.
NIST SP 800-171 & CMMC 2.0 - 3.8.9
Protect the confidentiality of backup “Controlled Unclassified Information” (CUI) at storage locations.