CMMC Practice RE.2.138: Protect the confidentiality of backup CUI at storage locations.
CMMC CLARIFICATION (Ref CMMC – Appendix B)
You protect the confidentiality of information to ensure that it remains private and unchanged. Methods to ensure confidentiality may include:
- encrypting files;
- managing who has access to the information;
- physically securing devices and media that contains CUI; and
- managing the use of information.
Storage locations for information are varied, and may include:
- external hard drives;
- USB flash drives;
- disc media (e.g., CD, DVD, Blu-Ray);
- Networked Attached Storage (NAS);
- cloud backup; and
- FTP, FTP Secure, SFTP.