NIST Special Publication 800 NIST SP 800-171r3

The Security Requirements

03.08.01: Media Storage

System media include digital and non-digital media. Digital media include diskettes, flash drives, magnetic tapes, external or removable solid state or magnetic drives, compact discs, and digital versatile discs. Non-digital media include paper and microfilm…

03.08.02: Media Access

System media include digital and non-digital media. Access to CUI on system media can be restricted by physically controlling such media…

03.08.03: Media Sanitization

Media sanitization applies to digital and non-digital media that are subject to disposal or reuse, whether or not the media are considered removable. Examples include digital media in scanners, copiers, printers, notebook computers, mobile devices, workstations, network components, and non-digital media…

03.08.04: Media Marking

System media include digital and non-digital media. Marking refers to the use or application of human-readable security attributes. Labeling refers to the use of security attributes for internal system data structures…

03.08.05: Media Transport

System media include digital and non-digital media. Digital media include flash drives, diskettes, magnetic tapes, external or removable solid state or magnetic drives, compact discs, and digital versatile discs…

03.08.06: Withdrawn

03.08.07: Media Use

In contrast to requirement 03.08.01, which restricts user access to media, this requirement restricts or prohibits the use of certain types of media, such as external hard drives, flash drives, or smart displays…

03.08.08: Withdrawn

03.08.09: System Backup – Cryptographic Protection

The selection of cryptographic mechanisms is based on the need to protect the confidentiality of backup information. Hardware security module (HSM) devices safeguard and manage cryptographic keys and provide cryptographic processing…