NIST SP 800-171 & CMMC 2.0 3.8.5 Requirement:
Control access to media containing “Controlled Unclassified Information” (CUI) and maintain accountability for media during transport outside of controlled areas.
NIST SP 800-171 & CMMC 2.0 3.8.5 Requirement Explanation:
You need to safeguard digital and non-digital media containing CUI when it is transported outside of your secure facility. Safeguards used to protect media during transport include locked containers and encryption. Digital and non-digital media containing CUI may be transported outside of your facility via a mail/shipping service. To maintain accountability when shipping CUI you should receive a tracking number.
Example NIST SP 800-171 & CMMC 2.0 3.8.5 Implementation:
If you are transporting digital storage devices (e.g., hard drives) containing CUI outside of your facilities they need to be encrypted. If you are transporting paperwork containing CUI outside of your facilities it should be in a locked container. Maintain accountability for CUI transported outside of your organization by documenting who is authorized to transport it. This can include company employees and postal services. If you need to ship CUI in the mail make sure that you receive a tracking number and specify the intended recipient.
NIST SP 800-171 & CMMC 2.0 3.8.5 Scenario(s):
- Scenario 1:
You have several hard drives containing CUI that you need to transport to your company's other facility. To ensure that the CUI on the drives is safe you encrypt the drives. You also document who will be carrying the drives and to which location.
- Scenario 2:
You have a folder containing papers with CUI. You need to take these to a government facility. To ensure that they do not get in the wrong hands you transport them in a locked brief case.
- Scenario 3:
You need to ship a hard drive containing CUI to your company's facility on the other side of the country. You encrypt the drive and securely package it. When you take it to the postal service you get a tracking number for the package.
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
NIST SP 800-171 & CMMC Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
FAR 52.204-21 Compliance
Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
ISO 27001 Compliance
Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.