CMMC 1.0 Practice MP.3.124 Requirement:
Control access to media containing “Controlled Unclassified Information” (CUI) and maintain accountability for media during transport outside of controlled areas.
CMMC 1.0 MP.3.124 Requirement Explanation:
Safeguards to protect media during transport include locked containers, and encryption. For the actual transport, authorized transport and courier personnel may include individuals from outside your company (e.g.,U.S.PostalService or a commercial transport or delivery service). Maintaining accountability of media during transport includes, for example, restricting transport activities to authorized personnel, and tracking records of transport activities as the media moves through the transportation system.
Example CMMC 1.0 MP.3.124 Implementation:
If you are transporting digital storage devices (e.g., hard drives etc.) containing CUI outside of your facilities they need to be encrypted. If you are transporting paper work containing CUI outside of your facilities they should be in a locked container. Maintain accountability for CUI transported outside of your organization by documenting who is authorized to transport it. This can include company employees and postal services. If you need to ship CUI in the mail make sure that you receive a tracking number and specify the intended recipient.
CMMC 1.0 MP.3.124 Scenario(s):
- Scenario 1:
You have several hard drives containing CUI that you need to transport to your company's other facility. To ensure that the CUI on the drives is safe you encrypt the drives. You also document who will be carrying the drives and to which location.
- Scenario 2:
You have a folder containing papers with CUI. You need to take these to a government facility. To ensure that they do not get in the wrong hands you transport them in a locked brief case.
- Scenario 3:
You need to ship a hard drive containing CUI to your company's facility on the other side of the country. You encrypt the drive and securely package it. When you take it to the postal service you get a tracking number for the package.
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
NIST SP 800-171 & CMMC Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
HIPAA Compliance
Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
FAR 52.204-21 Compliance
Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
ISO 27001 Compliance
Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.