3.8.9

  • Requirement

    Protect the confidentiality of backup CUI at storage locations.

  • Discussion

    Organizations can employ cryptographic mechanisms or alternative physical controls to protect the confidentiality of backup information at designated storage locations. Backed-up information containing CUI may include system-level information and user-level information. System-level information includes system-state information, operating system software, application software, and licenses. User-level information includes information other than system-level information.

More Info

  • Family

    Media Protection
  • DoD Scoring Methodology Points

    1
  • Related CMMC ID

  • Related NIST 800-53 ID

    CP-9
  • Reference Documents

    • N/A

NIST 800-171A Assessment Guidance

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!