RE.2.138 Protect the confidentiality of backup CUI at storage locations.

CMMC Practice RE.2.138: Protect the confidentiality of backup CUI at storage locations.

Links to Publicly Available Resources

CMMC CLARIFICATION (Ref CMMC – Appendix B)

You protect the confidentiality of information to ensure that it remains private and unchanged. Methods to ensure confidentiality may include:

  • encrypting files;
  • managing who has access to the information;
  • physically securing devices and media that contains CUI; and
  • managing the use of information.

Storage locations for information are varied, and may include:

  • external hard drives;
  • USB flash drives;
  • disc media (e.g., CD, DVD, Blu-Ray);
  • Networked Attached Storage (NAS);
  • cloud backup; and
  • FTP, FTP Secure, SFTP.