Show/Hide Toolbars

ABCI Consultants

Guidance for NIST 800-171 Assessment & Compliance

Basic Security Requirements:

8.1 Protect (i.e., physically control and securely store) information system media containing CUI, both paper and digital.

8.2 Limit access to CUI on information system media to authorized users.

8.3 Sanitize or destroy information system media containing CUI before disposal or release for reuse.

Derived Security Requirements:

8.4 Mark media with necessary CUI markings and distribution limitations.25

8.5 Control access to media containing CUI and maintain accountability for media during transport outside of controlled areas.

8.6 Implement cryptographic mechanisms to protect the confidentiality of CUI stored on digital media during transport unless otherwise protected by alternative physical safeguards.

8.7 Control the use of removable media on information system components.

8.8 Prohibit the use of portable storage devices when such devices have no identifiable owner.

8.9 Protect the confidentiality of backup CUI at storage locations.

Hosted by ABCI Consultants for Information Security Management Systems | Implementations, Training and Assessments for Compliance | (800) 644-2056