Understanding the Realities of Safeguarding Hardcopy Controlled Unclassified Information (CUI) (M01c)
Cyber risk and compliance management for federal contractors extend beyond digital assets and IT systems; they require a holistic approach to protecting Controlled Unclassified Information (CUI). This talk examines the broader application of NIST Special Publication 800-171 security requirements, using real-world examples such as securely handling CUI delivered through traditional mail and courier services. Many focus areas are limited to access control and physical security families, which are only the starting point for contractors working to safeguard CUI stored or processed by nonfederal organizations. The talk offers practical strategies for comprehensive CUI protection and achieving compliance with CMMC Level 1 and beyond.