DOMAIN: Media Protection
Practice: MP.L1-3.8.3
CAPABILITY: C024 Sanitize Media
Sanitize or destroy information system media containing Federal Contract Information before disposal or release for reuse.
Threat Actors:
i) Hard drives/memory in computers, scanners, copiers
ii) CD/DVD, thumb drives
iii) Paper files/reports
Assessment NOTES: A CMMC assessor may want to review, observe, or test the following
· Processes or procedures to identify Federal Contract Information or Controlled Unclassified Information (CUI).
· An inventory of processes or tools used to sanitize media before it is released for reuse or destroyed for disposal.
· Documentation that shows who approved and who sanitized the media or a signed form that verifies the media was destroyed securely.
Practice: MP.L2-3.8.1
CAPABILITY: C023 Protect and control media
Protect (i.e., physically control and securely store) system media containing CUI, both paper and digital.
Assessment NOTES: A CMMC assessor may want to review, observe, or test the following
· Procedures that identify how information system media is protected, i.e., physically controlled or securely controlled.
· Organizational policy and processes that address access controls and media access restrictions.
· Inventories and media check-in/check-out logs.
Copyright © 2022 Celerium. All Rights Reserved.