CMMC 1.0 Practice MP.3.124 Requirement:

Control access to media containing “Controlled Unclassified Information” (CUI) and maintain accountability for media during transport outside of controlled areas.

CMMC 1.0 MP.3.124 Requirement Explanation:

Safeguards to protect media during transport include locked containers, and encryption. For the actual transport, authorized transport and courier personnel may include individuals from outside your company (e.g.,U.S.PostalService or a commercial transport or delivery service). Maintaining accountability of media during transport includes, for example, restricting transport activities to authorized personnel, and tracking records of transport activities as the media moves through the transportation system.

Example CMMC 1.0 MP.3.124 Implementation:

If you are transporting digital storage devices (e.g., hard drives etc.) containing CUI outside of your facilities they need to be encrypted. If you are transporting paper work containing CUI outside of your facilities they should be in a locked container. Maintain accountability for CUI transported outside of your organization by documenting who is authorized to transport it. This can include company employees and postal services. If you need to ship CUI in the mail make sure that you receive a tracking number and specify the intended recipient.

CMMC 1.0 MP.3.124 Scenario(s):

- Scenario 1:

You have several hard drives containing CUI that you need to transport to your company's other facility. To ensure that the CUI on the drives is safe you encrypt the drives. You also document who will be carrying the drives and to which location.

- Scenario 2:

You have a folder containing papers with CUI. You need to take these to a government facility. To ensure that they do not get in the wrong hands you transport them in a locked brief case.

- Scenario 3:

You need to ship a hard drive containing CUI to your company's facility on the other side of the country. You encrypt the drive and securely package it. When you take it to the postal service you get a tracking number for the package.

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:


Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.