



3.8.6 Implement cryptographic mechanisms to protect the confidentiality of CUI stored on digital media during transport unless otherwise protected by alternative physical safeguards

By wnoble2005@gmail.com (William Noble) 📅 2024-03-02
NIST 800-171 control 3.8.6 safeguards Controlled Unclassified Information (CUI) on digital media during transport. Encryption protects confidentiality by scrambling the data. This reduces the risk of unauthorized access if the media is lost or stolen. Organizations are accountable for implementing this control. Encryption software and strong key management are common methods for achieving this.

This requirement applies to portable storage devices (e.g., USB memory sticks, digital video disks, compact disks, external or removable hard disk drives). See [NIST CRYPTO]. [SP 800-111] provides guidance on storage encryption technologies for end user devices.


Confidentiality: Encryption scrambles CUI, making it unreadable to unauthorized individuals who might intercept the data during transport, like on a lost laptop or unsecured network.

Compliance: Implementing encryption demonstrates adherence to NIST 800-171, a critical requirement for government contractors and organizations handling CUI.

Reduced Risk: Encryption minimizes the impact of data breaches, protecting sensitive information and potentially avoiding costly consequences.


Senior Management: Set the security tone and allocate resources. They ensure policies are in place for encryption use, user training, and incident response if breaches occur related to CUI transport.

IT Security Team: Implement and manage encryption solutions. This includes choosing FIPS-compliant algorithms, providing user training on encryption tools, and monitoring for unauthorized access attempts.

System Owners: Responsible for the specific systems where CUI resides. They cooperate with the IT security team to ensure CUI is identified and encrypted before transfer.

Individual Users: The last line of defense. They must be trained on proper encryption usage, understand their role in protecting CUI, and report any suspicious activity during transport.


Encryption Software: Encrypt digital media containing CUI using FIPS-compliant encryption algorithms. Popular options include BitLocker for Windows and FileVault for macOS.

Secure File Transfer: Utilize secure file transfer protocols like SFTP or FTPS that encrypt data in transit.

Physical Safeguards: When encryption isn't feasible, rely on strong physical controls. This could involve locked, tamper-evident containers for transporting devices with CUI.
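
One way to check the Encryption Software item above on a Windows host, as an added example that is not part of the original page: it lists removable volumes and reports whether each one is BitLocker-protected before the media is transported. It assumes an elevated session with the built-in Storage and BitLocker cmdlets; the `State` and `OkForTransport` field names are made up for this example.

```powershell
# Added example: report the BitLocker state of every removable volume.
# Run in an elevated Windows PowerShell session.
# Assumption: USB hard drives that Windows reports as DriveType 'Fixed'
# are not matched by this filter and need a separate check.
$removable = Get-Volume | Where-Object { $_.DriveType -eq 'Removable' -and $_.DriveLetter }

$report = foreach ($vol in $removable) {
    $mount = "$($vol.DriveLetter):"
    try {
        $bl = Get-BitLockerVolume -MountPoint $mount -ErrorAction Stop
    } catch {
        # The volume could not be queried: treat it as unprotected until reviewed.
        [pscustomobject]@{ MountPoint = $mount; State = 'QueryFailed'
                           EncryptionMethod = $null; OkForTransport = $false }
        continue
    }

    if ($bl.LockStatus -eq 'Locked') {
        # A locked volume is BitLocker-protected; details are unreadable until unlocked.
        $state = 'Locked'
        $ok    = $true
    } elseif ($bl.VolumeStatus -eq 'FullyEncrypted' -and $bl.ProtectionStatus -eq 'On') {
        $state = 'EncryptedAndProtected'
        $ok    = $true
    } else {
        # Covers unencrypted media, encryption still in progress, and suspended protection.
        $state = "$($bl.VolumeStatus)/Protection$($bl.ProtectionStatus)"
        $ok    = $false
    }

    [pscustomobject]@{
        MountPoint       = $mount
        State            = $state
        EncryptionMethod = $bl.EncryptionMethod
        OkForTransport   = $ok
    }
}

$report | Format-Table -AutoSize

$failed = @($report | Where-Object { -not $_.OkForTransport })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) removable volume(s) are not BitLocker-protected."
}
```

The `EncryptionMethod` column is reported as-is so it can be compared against the organization's approved algorithm list.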


Category: Cybersecurity Maturity Model
Family: Media Protection (AC 3.8)
Type: Derived Security Requirements