Reference: CMMC 2.0
Level Introduced: 2
Title: Media Access
Limit access to CUI on system media to authorized users.
Limit physical access to CUI to people permitted to access CUI. Use locked or controlled storage areas and limit access to only those allowed to access CUI. Keep track of who accesses physical CUI in some sort of record.
Your organization has CUI for a specific Army contract. The Army gave you the CUI on a CD. You store the CD in a locked drawer. The only employees with access to the drawer are those assigned to the project. They are the only people allowed to access CUI. When someone removes the CD for work, they sign it out with their name and time. When they return the CD to the locked drawer, they sign it back in.