Homewhoiswilliamnoble.comq4q.com

Cybersecurity Maturity Model

3.8 MEDIA PROTECTION | NIST 800-171 control 3.8, outlines safeguards for information classified as Controlled Unclassified Information (CUI). These controls focus on securing both physical and digital media containing CUI, encompassing aspects like secure storage, access control, proper disposal, and data protection during transport. The goal is to prevent unauthorized access, disclosure, or modification of sensitive CUI.

Cybersecurity Maturity Model
Back to "Cybersecurity Maturity Model"
Cybersecurity Maturity Model
🖨️

3.8 MEDIA PROTECTION

By W. Noble 📅 2024-03-02
NIST 800-171 control 3.8, outlines safeguards for information classified as Controlled Unclassified Information (CUI). These controls focus on securing both physical and digital media containing CUI, encompassing aspects like secure storage, access control, proper disposal, and data protection during transport. The goal is to prevent unauthorized access, disclosure, or modification of sensitive CUI.

(Image credit: xnetd.com)


NIST 800-171, a publication outlining security controls for Controlled Unclassified Information (CUI), dedicates section 3.8 to "Media Protection." This section emphasizes safeguarding CUI on all storage mediums, both digital and physical.

The first requirement focuses on securing the media itself. This includes physically controlling devices like hard drives and flash drives, as well as securely storing paper documents and microfilm. This can involve access controls for storage areas, inventory procedures, and check-in/check-out systems. Additionally, access to the CUI on this media needs to be limited. User permissions should be established to ensure only authorized individuals can view or modify the information.



Finally, when CUI-containing media reaches the end of its lifespan, secure disposal or reuse becomes crucial. NIST requires organizations to sanitize the media, meaning the CUI is permanently removed and unrecoverable. This can involve software tools or physical destruction of the media depending on the type and sensitivity of the information.

Family:Media Protection (AC 3.8)
NIST:NIST SP 800-171r3


3.8.1 Protect (i.e., physically control and...digital- NIST 800-171 control 3.8.1 requires organizations to safeguard both physical and digital media containing CUI (Controlled Unclassified Information)..... (Page)
3.8.2 Limit access to CUI on system media t...d users- NIST 800-171 control 3.8.2 safeguards Controlled Unclassified Information (CUI) on system media by restricting access to authorized users. This protects.... (Page)
3.8.3 Sanitize or destroy system media cont...r reuse- NIST 800-171's "3.8.3" safeguards Controlled Unclassified Information (CUI) by requiring its removal or destruction before discarding or reusing devices.... (Page)

3.8.4 Mark media with necessary CUI marking...tations- NIST 800-171 control 3.8.4 mandates marking media containing Controlled Unclassified Information (CUI) with proper labels and distribution restrictions..... (Page)
3.8.5 Control access to media containing CU...d areas- NIST 800-171 Control 3.8.5 safeguards sensitive information (CUI) on removable media during transport. It ensures only authorized users can access the.... (Page)

About "3.8 MEDIA PROTECTION" 🡃
Category:Cybersecurity Maturity Model
Family:Media Protection (AC 3.8)
NIST:NIST SP 800-171r3
Type:Basic Security Requirements, Derived Security Requirements
#CybersecurityMaturityModel #BasicSecurityRequirements #DerivedSecurityRequirements

XNETD

© q4q.com 1999-2024   © xnetd.com 2024