Controlled Unclassified Information - Marking/Labeling Media within Unclassified Environments (Not Mixed with Classified)
An XCCDF Rule
Description
<VulnDiscussion>Failure to mark CUI in an approved manner can result in the loss or compromise of sensitive information. REFERENCES: Executive Order 13556, Controlled Unclassified Information (CUI) The Information Security Oversight Office (ISOO): https://www.archives.gov/cui CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPUTER NETWORK DEFENSE (CND); Enclosure A, paragraph 6.a. NIST Special Publication 800-53 (SP 800-53), Rev 4, Controls: MP-3. DODI 5200.48 Controlled Unclassified Information (CUI) DOD 5200.22-M (NISPOM), Incorporating Change 2, 18 May 2016, Chapter 4 and Chapter 8, Section 3, paragraph 8-302.g.(1).</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-245850r917357_rule
- Severity
- Low
- Updated
Remediation - Manual Procedure
General Information:
This fix is only for unclassified/sensitive media being used in a strictly unclassified physical environment. If all Controlled Unclassified Information (CUI) media are in a mixed environment where classified systems and media are in use, then STIG ID IS-03.02.01. applies and this potential vulnerability is NA.
Ensure the following standard is met: