CMMC Practice MP.L2-3.8.4

Mark media with necessary CUI markings and distribution limitations.

Bold Coast Security Guidance

Labeling is second nature to larger organizations, but a new and occasionally challenging task for smaller organizations to stay on top of. To make it easiest for users, adopt as few labels as possible reflecting the data in your environment. At a minimum, system media containing CUI must be labeled as such. The labeling should include distribution limitations, following the guidance from NARA (National Archives and Records Administration). Note that there are exception for small devices, such as removable media devices, which must still be marked, but cannot accommodate a complete marking. Remember to Include labeling requirements in your security training and on any data handling posters or signs you create.
Security Catapult

Be prepared for CMMC

Our Q&A assessment tool is designed by security advisors for MSPs and DoD contractors of all sizes.

Try now for free

Understand your gaps
Security Catapult

Understand your gaps

See compliance gaps, compliance scores and proactive security tasks in a single interface.

Try now for free

Validate NIST SP 800-171
Security Catapult

Validate NIST SP 800-171

Based on your CMMC answers, we let you know where you stand on NIST.

Try now for free

Build a plan of action
Security Catapult

Build a plan of action

Track your burn down and stay on top of security needs.

Try now for free

Build your policy
Security Catapult

Build your policy

Say goodbye to maintaining a security policy. We do it for you.

Try now for free

Discussion From Source

DRAFT NIST SP 800-171 R2 The term security marking refers to the application or use of human-readable security attributes. System media includes digital and non-digital media. Marking of system media reflects applicable federal laws, Executive Orders, directives, policies, and regulations.

References