NIST SP 800-171 & CMMC 2.0 Control 3.8.5 Requirement:

Control access to media containing “Controlled Unclassified Information” (CUI) and maintain accountability for media during transport outside of controlled areas.

NIST SP 800-171 & CMMC 2.0 3.8.5 Requirement Explanation:

You need to safeguard digital and non-digital media containing CUI when it is transported outside of your secure facility. Safeguards used to protect media during transport include locked containers and encryption. Digital and non-digital media containing CUI may be transported outside of your facility via a mail/shipping service. To maintain accountability when shipping CUI you should receive a tracking number.

Example NIST SP 800-171 & CMMC 2.0 3.8.5 Implementation:

If you are transporting digital storage devices (e.g., hard drives) containing CUI outside of your facilities they need to be encrypted. If you are transporting paperwork containing CUI outside of your facilities it should be in a locked container. Maintain accountability for CUI transported outside of your organization by documenting who is authorized to transport it. This can include company employees and postal services. If you need to ship CUI in the mail make sure that you receive a tracking number and specify the intended recipient.

NIST SP 800-171 & CMMC 2.0 3.8.5 Scenario(s):

- Scenario 1:

You have several hard drives containing CUI that you need to transport to your company's other facility. To ensure that the CUI on the drives is safe you encrypt the drives. You also document who will be carrying the drives and to which location.

- Scenario 2:

You have a folder containing papers with CUI. You need to take these to a government facility. To ensure that they do not get in the wrong hands you transport them in a locked brief case.

- Scenario 3:

You need to ship a hard drive containing CUI to your company's facility on the other side of the country. You encrypt the drive and securely package it. When you take it to the postal service you get a tracking number for the package.
 

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:

/assets/images/app/complaince_accelerator.gif

Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.
Become Compliant
/assets/images/app/quantum_accelerator.gif

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.
Provide Services
/assets/images/app/supply_chain_verifier.gif

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.
Verify Subcontactors