NIST SP 800-171 Requirement 3.8: Media Protection

The National Institute of Standards and Technology (NIST) has developed a guide to assist businesses with adherence to Defense Federal Acquisition Regulation Supplement (DFARS) standards. The eighth of the 14 Families of Requirements for NIST 800-171 compliance is media protection.

What is Media Protection in Terms of NIST 800-171?

The Media Protection family of requirements establishes processes to ensure the security of all media – paper, removable, cloud-based, digital – that might contain Controlled Unclassified Information (CUI), as well as protocols to limit access and control CUI dissemination. Media protection clarifies where and how data is stored, how it is transferred, and how it should be properly secured. It also regulates secure media storage, encryption, and accessibility from a physical standpoint – through a clean desk requirement, for example. Proper acquisition, storage, access, transportation, and disposal of hardware are all covered here. Media protection has 3 Basic Security Requirements and 6 Derived Requirements.

Basic Requirements

  • 3.8.1 Protect (i.e., physically control and securely store) system media containing CUI, both paper and digital.
  • 3.8.2 Limit access to CUI on system media to authorized users.
  • 3.8.3 Sanitize or destroy system media containing CUI before disposal or release for reuse.

Derived Requirements

  • 3.8.4 Mark media with necessary CUI markings and distribution limitations.
  • 3.8.5 Control access to media containing CUI and maintain accountability for media during transport outside of controlled areas.
  • 3.8.6 Implement cryptographic mechanisms to protect the confidentiality of CUI stored on digital media during transport unless otherwise protected by alternative physical safeguards.
  • 3.8.7 Control the use of removable media on system components.
  • 3.8.8 Prohibit the use of portable storage devices when such devices have no identifiable owner.
  • 3.8.9 Protect the confidentiality of backup CUI at storage locations.

How NeQter Labs Can Help

NeQter Labs can assist you with building the foundation for your cyber security and compliance program. By combining SIEM, vulnerability scanning, inventory and documentation into a single platform, NeQter allows you to get a jump start on your DFARS-7012/NIST 800-171/CMMC compliance project. Our extensive partner network ensures that no matter what, we can assist you with all your compliance needs.