NIST SP 800-171 & CMMC 2.0 Control 3.8.4 Requirement:
Mark media with necessary “Controlled Unclassified Information” (CUI) markings and distribution limitations.
NIST SP 800-171 & CMMC 2.0 3.8.4 Requirement Explanation:
The term marking refers to applying notices on digital and non-digital media indicating that they contain controlled information. By marking media, employees are aware of the security processes and policies associated with handling the data.
Example NIST SP 800-171 & CMMC 2.0 3.8.4 Implementation:
Mark any digital media containing CUI with a label reading "controlled". This includes thumb drives, CD's, and hard drives. Mention CUI in your system usage notification notifications (see practice AC.2.005). Mark non-digital media such as papers containing CUI. Post a notice outside of rooms where CUI is stored. Mark containers that hold CUI. Use the "Marking "Controlled Unclassified Information Guide" released by the national archives as a reference when marking and labeling CUI.
NIST SP 800-171 & CMMC 2.0 3.8.4 Scenario(s):
- Scenario 1:
You have several hard drives and thumb drives containing CUI. To indicate that they require additional care when handled you print out a marking reading "controlled" and tape it to the drives.
- Scenario 2:
You have several file cabinets that you want to use to store paperwork containing CUI. To indicate that it contains CUI you mark it with a printout reading " Contains Controlled Unclassified Information".
- Scenario 3:
You are creating a document that will contain CUI. To indicate that it contains CUI you type "Controlled" at the top and bottom of the document.
Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:
Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.
Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.
Supply Chain Verifier
Trust is everything. Verify, monitor, and support subcontactor compliance.