CMMC 2.0 • LEVEL 2 • MEDIA PROTECTION

MP.L2-3.8.4Media Marking

System media include digital and non-digital media. Marking refers to the use or application of human-readable security attributes. Labeling refers to the use of security attributes for internal system data structures. Digital media include diskettes, magnetic tapes, external or removable solid state or magnetic drives, flash drives, compact discs, and digital versatile discs. Non-digital media include paper and microfilm. CUI is defined by NARA along with marking, safeguarding, and dissemination requirements for such information.

NIST 800-171 Mapping

NIST 800-53 Controls

MP-5

Assessment Objectives

  • system media that contain CUI are marked to indicate distribution limitations.
  • system media that contain CUI are marked to indicate handling caveats.
  • system media that contain CUI are marked to indicate applicable CUI markings.

Practitioner Notes

Practitioner commentary coming soon.

Related CMMC 2.0 Practices

MP.L2-3.8.1 Media Storage MP.L2-3.8.2 Media Access MP.L1-3.8.3 Media Sanitization MP.L2-3.8.5 Media Transport