9 Practices
Protect system media, both paper and digital
This practice requires organizations to safeguard both physical (paper) and digital media that contain Controlled Unclassified Information (CUI). It i...
Limit access to CUI on system media to authorized users
This practice means ensuring only approved personnel can access physical or digital media (like hard drives, USBs, or cloud storage) containing Contro...
Sanitize or destroy system media containing CUI before disposal or release for reuse
This practice means you must ensure that any physical or digital storage media (like hard drives, USBs, or cloud storage) that contained Controlled Un...
Mark media with necessary CUI markings and distribution limitations
This control requires that any media (like USB drives, external hard drives, or printed documents) containing Controlled Unclassified Information (CUI...
Control access to media containing CUI and maintain accountability for media
This practice means that organizations must ensure only authorized personnel can access media (like USB drives, hard drives, or CDs) that contain Cont...
Implement cryptographic mechanisms to protect the confidentiality of CUI stored on digital media
This practice requires encrypting any digital media (like USB drives, hard drives, or cloud storage) that contains Controlled Unclassified Information...
Control the use of removable media on system components
This practice requires organizations to limit and monitor the use of removable media (like USB drives, external hard drives, or CDs) on systems that h...
Prohibit the use of portable storage devices when such devices have no identifiable owner
This practice requires organizations to ensure that portable storage devices, such as USB drives or external hard drives, are only used if they have a...
Protect the confidentiality of backup CUI at storage locations
This control requires organizations to ensure that backup copies of Controlled Unclassified Information (CUI) are properly protected when stored, whet...