Controlled Unclassified Information - Marking/Labeling Media within Unclassified Environments (Not Mixed with Classified)
An XCCDF Rule
Description
Failure to mark CUI in an approved manner can result in the loss or compromise of sensitive information. REFERENCES: Executive Order 13556, Controlled Unclassified Information (CUI) The Information Security Oversight Office (ISOO): https://www.archives.gov/cui CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPUTER NETWORK DEFENSE (CND); Enclosure A, paragraph 6.a. NIST Special Publication 800-53 (SP 800-53), Rev 4, Controls: MP-3. DODI 5200.48 Controlled Unclassified Information (CUI) DOD 5200.22-M (NISPOM), Incorporating Change 2, 18 May 2016, Chapter 4 and Chapter 8, Section 3, paragraph 8-302.g.(1).
- ID
- SV-245850r917357_rule
- Version
- IS-16.03.02
- Severity
- Low
- Updated
Remediation Templates
A Manual Procedure
General Information:
This fix is only for unclassified/sensitive media being used in a strictly unclassified physical environment. If all Controlled Unclassified Information (CUI) media are in a mixed environment where classified systems and media are in use, then STIG ID IS-03.02.01. applies and this potential vulnerability is NA.
Ensure the following standard is met: