CMMC 1.0 Practice MP.2.120 Requirement:
Limit access to “Controlled Unclassified Information” (CUI) on system media to authorized users.
CMMC 1.0 MP.2.120 Requirement Explanation:
By only allowing authorized persons access to “Controlled Unclassified Information” (CUI) you can reduce the risk of it being exposed to unauthorized persons. Creating an inventory for “Controlled Unclassified Information” (CUI), securely storing it, and document who has possession of it all support this practice.
Example CMMC 1.0 MP.2.120 Implementation:
Create an inventory of media (e.g., external drives) containing “Controlled Unclassified Information” (CUI). Store them in a locked container such as a file cabinet. Only provide access to the container to authorized persons. Requiring them to sign media in and out when they handle it.
CMMC 1.0 MP.2.120 Scenario(s):
- Scenario 1:
The DoD has provided you with “Controlled Unclassified Information” (CUI) on a CD. To protect it you store it in a locked drawer and only provide access to the drawer to persons working on the DoD project. When an employee wants to take possession of the CD they must sign their name, time, and date.
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
NIST SP 800-171 & CMMC Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
HIPAA Compliance
Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
FAR 52.204-21 Compliance
Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
ISO 27001 Compliance
Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.