NIST SP 800-171 & CMMC 2.0 Control 3.8.9 Requirement:

Protect the confidentiality of backup “Controlled Unclassified Information” (CUI) at storage locations.

NIST SP 800-171 & CMMC 2.0 3.8.9 Requirement Explanation:

Backups containing “Controlled Unclassified Information” (CUI) must stored on an encrypted drive or location to prevent unauthorized access.

Example NIST SP 800-171 & CMMC 2.0 3.8.9 Implementation:

Encrypt the digital media where you store backups containing “Controlled Unclassified Information” (CUI). Store these backups in a physically secure location (e.g. a locked room or container). Only allow authorized persons access to your backups.

NIST SP 800-171 & CMMC 2.0 3.8.9 Scenario(s):

- Scenario 1:

Your company has a file server containing “Controlled Unclassified Information” (CUI). Because it contains “Controlled Unclassified Information” (CUI) you ensure that backups of the system are saved to an encrypted drive. You keep all backups in a locked room.

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:


Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.