Only authorized users should be able to get to CUI on media.
What it actually means
Restrict access to CUI on system media to authorized users. This is the access-control side of media protection: combine physical storage controls with permissions so only authorized people can reach CUI on drives, shares, and removable media.
Pass or fail — an assessor needs a "yes" to each
- Is access to CUI on media limited to authorized users (physical and logical)?
- Are permissions and storage controls aligned so unauthorized users can't reach it?
What to have ready
- Access-control configuration for CUI storage
- Authorized-user list for CUI media
Where teams trip up
- Shared drives with CUI open to all staff
- No link between who's authorized and who can physically reach media
See where this control puts your score
Run all 110 requirements free in about 10 minutes.
Calculate your SPRS score →