NIST SP 800-171 & CMMC 2.0 3.8.4 Requirement:

Mark media with necessary “Controlled Unclassified Information” (CUI) markings and distribution limitations.

NIST SP 800-171 & CMMC 2.0 3.8.4 Requirement Explanation:

The term marking refers to applying notices on digital and non-digital media indicating that they contain controlled information. By marking media, employees are aware of the security processes and policies associated with handling the data.

Example NIST SP 800-171 & CMMC 2.0 3.8.4 Implementation:

Mark any digital media containing CUI with a label reading "controlled". This includes thumb drives, CD's, and hard drives. Mention CUI in your system usage notification notifications (see practice AC.2.005). Mark non-digital media such as papers containing CUI. Post a notice outside of rooms where CUI is stored. Mark containers that hold CUI. Use the "Marking "Controlled Unclassified Information Guide" released by the national archives as a reference when marking and labeling CUI.

NIST SP 800-171 & CMMC 2.0 3.8.4 Scenario(s):

- Scenario 1:

You have several hard drives and thumb drives containing CUI. To indicate that they require additional care when handled you print out a marking reading "controlled" and tape it to the drives.

- Scenario 2:

You have several file cabinets that you want to use to store paperwork containing CUI. To indicate that it contains CUI you mark it with a printout reading " Contains Controlled Unclassified Information".

- Scenario 3:

You are creating a document that will contain CUI. To indicate that it contains CUI you type "Controlled" at the top and bottom of the document.
 

Quick & Simple

Discover Our Cybersecurity Compliance Solutions:

Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you

 NIST SP 800-171 & CMMC Compliance App

NIST SP 800-171 & CMMC Compliance

Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
 HIPAA Compliance App

HIPAA Compliance

Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
 FAR 52.204-21 Compliance App

FAR 52.204-21 Compliance

Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
 ISO 27001 Compliance App

ISO 27001 Compliance

Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.