• Requirement

    a. Mark system media indicating the distribution limitations, handling caveats, and applicable security markings (if any) of the information; and
    b. Exempt [Assignment: organization-defined types of system media] from marking if the media remain within [Assignment: organization-defined controlled areas].

  • Discussion

    Security marking refers to the application or use of human-readable security attributes. Digital media includes diskettes, magnetic tapes, external or removable hard disk drives (e.g., solid state, magnetic), flash drives, compact discs, and digital versatile discs. Non-digital media includes paper and microfilm. Controlled unclassified information is defined by the National Archives and Records Administration along with the appropriate safeguarding and dissemination requirements for such information and is codified in 32 CFR 2002. Security markings are generally not required for media that contains information determined by organizations to be in the public domain or to be publicly releasable. Some organizations may require markings for public information indicating that the information is publicly releasable. System media marking reflects applicable laws, executive orders, directives, policies, regulations, standards, and guidelines.

More Info

  • Title

    Media Marking
  • Family

    Media Protection
  • Related NIST 800-53 ID


CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!