3.8 MEDIA PROTECTION

By wnoble2005@gmail.com (William Noble) 📅 2024-03-02

NIST 800-171 control 3.8, outlines safeguards for information classified as Controlled Unclassified Information (CUI). These controls focus on securing both physical and digital media containing CUI, encompassing aspects like secure storage, access control, proper disposal, and data protection during transport. The goal is to prevent unauthorized access, disclosure, or modification of sensitive CUI.

(Image credit: q4q.com)

NIST 800-171, a publication outlining security controls for Controlled Unclassified Information (CUI), dedicates section 3.8 to "Media Protection." This section emphasizes safeguarding CUI on all storage mediums, both digital and physical.

The first requirement focuses on securing the media itself. This includes physically controlling devices like hard drives and flash drives, as well as securely storing paper documents and microfilm. This can involve access controls for storage areas, inventory procedures, and check-in/check-out systems. Additionally, access to the CUI on this media needs to be limited. User permissions should be established to ensure only authorized individuals can view or modify the information.

Finally, when CUI-containing media reaches the end of its lifespan, secure disposal or reuse becomes crucial. NIST requires organizations to sanitize the media, meaning the CUI is permanently removed and unrecoverable. This can involve software tools or physical destruction of the media depending on the type and sensitivity of the information.

Go to 3.8 MEDIA PROTECTION Page

Contents of 3.8 MEDIA PROTECTION:

3.8.1 Protect (i.e., physically control and...digital

3.8.2 Limit access to CUI on system media t...d users

3.8.3 Sanitize or destroy system media cont...r reuse

3.8.4 Mark media with necessary CUI marking...tations

3.8.5 Control access to media containing CU...d areas

3.8.6 Implement cryptographic mechanisms to...eguards

3.8.7 Control the use of removable media on...ponents

3.8.8 Prohibit the use of portable storage....e owner

3.8.9 Protect the confidentiality of backup...cations

☰

Back

About "3.8 MEDIA PROTECTION" 🡃

Category:Cybersecurity Maturity Model
Family:Access Control (AC 3.1), Audit and Accountability (AC 3.3), Awareness Training (AC 3.2), Configuration Management (AC 3.4), Identification and Authentication (AC 3.5), Incident Response (AC 3.6), Maintenance (AC 3.7), Media Protection (AC 3.8), Personnel Security (AC 3.9), Physical Protection (AC 3.10), Risk Assessment (AC 3.11), Security Assessment (AC 3.12), System and Communications Protection (AC 3.13), System and Information Integrity (AC 3.14)
NIST:NIST SP 800-171r3

#CybersecurityMaturityModel

⬅ Back to NIST Special Publication NIST SP 800-171r3

NIST Special Publication NIST SP 800-171r3

3.8 MEDIA PROTECTION

More on q4q.com

Q4Q Technical Solutions