MP.3.124 Control access to media containing CUI and maintain accountability for media during transport outside of controlled areas.

CMMC Practice MP.3.124: Control access to media containing CUI and maintain accountability for media during transport outside of controlled areas.

Links to Publicly Available Resources

CMMC CLARIFICATION (Ref CMMC – Appendix B)

Protection of Controlled Unclassified Information (CUI) is applicable to physical and digital formats. Physical control can be accomplished using traditional concepts like restricted access to physical locations or locking papers in a desk or filing cabinet. The digitization of data makes access to CUI much easier. CUI can be stored and transported on magnetic disks, tapes, USB drives, CD-ROMs, and so on. This makes digital CUI data very portable. As a result of the portability it is important for an organization to apply mechanisms to prevent unauthorized access to CUI.