Reference: CMMC 2.11
Family: MP
Level Introduced: 2
Title: Media Access
Practice:
Limit access to CUI on system media to authorized users.
CMMC Clarification:
Limit physical access to CUI to people permitted to access CUI. Use locked or controlled storage areas and limit access to only those allowed to access CUI. Keep track of who accesses physical CUI in some sort of record.
Example
Your organization has CUI for a specific Army contract. The Army gave you the CUI on a CD. You store the CD in a locked drawer. The only employees with access to the drawer are those assigned to the project. They are the only people allowed to access CUI. When someone removes the CD for work, they sign it out with their name and time. When they return the CD to the locked drawer, they sign it back in.
Implementation Strategies
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
NIST 800-171 Requirements (1)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
NIST 800-53 Controls (1)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.