CMMC 1.0 Practice MP.2.120 Requirement:

Limit access to “Controlled Unclassified Information” (CUI) on system media to authorized users.

CMMC 1.0 MP.2.120 Requirement Explanation:

By only allowing authorized persons access to “Controlled Unclassified Information” (CUI) you can reduce the risk of it being exposed to unauthorized persons. Creating an inventory for “Controlled Unclassified Information” (CUI), securely storing it, and document who has possession of it all support this practice.

Example CMMC 1.0 MP.2.120 Implementation:

Create an inventory of media (e.g., external drives) containing “Controlled Unclassified Information” (CUI). Store them in a locked container such as a file cabinet. Only provide access to the container to authorized persons. Requiring them to sign media in and out when they handle it.

CMMC 1.0 MP.2.120 Scenario(s):

- Scenario 1:

The DoD has provided you with “Controlled Unclassified Information” (CUI) on a CD. To protect it you store it in a locked drawer and only provide access to the drawer to persons working on the DoD project. When an employee wants to take possession of the CD they must sign their name, time, and date.

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:


Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.