Understanding the Media Protection (MP) DomainTheMedia Protection (MP) domaininCMMC 2.0focuses on the security requirements needed to handlephysical or digital mediacontainingControlled Unclassified Information (CUI).
This domain includes controls for:
Protecting digital and physical mediathat store CUI.
Sanitizing and destroying mediabefore disposal or reuse.
Restricting access to CUI mediato authorized personnel only.
TheMP domaindirectly addresses the requirements for handlingCUI media, includingencryption, access control, storage, and disposal.
CMMC 2.0Level 2aligns withNIST SP 800-171, which includesMP controlsfor managing media containing CUI.
B. Physical Protection (PE)→Incorrect
PEfocuses onphysical security(e.g., facility access, visitor logs, physical barriers),not the handling of CUI on media.
C. System and Information Integrity (SI)→Incorrect
SIdeals withsystem monitoring, vulnerability management, and incident response, not media protection.
D. System and Communications Protection (SC)→Incorrect
SCcoversnetwork security, encryption, and secure communications, but does not specifically focus on media handling.
CMMC Level 2 Practice MP.3.125– Protects CUI by ensuring proper handling ofmedia containing CUI.
NIST SP 800-171 (MP Family)– Establishes security requirements for handlingdigital and physical mediacontaining CUI.
CMMC Scoping Guide (Nov 2021)– ConfirmsMP controls apply to all media that store, process, or transmit CUI.
Why the Correct Answer is "A. Media Protection (MP)"?Why Not the Other Options?Relevant CMMC 2.0 References:Final Justification:SinceMedia Protection (MP) directly addresses the handling of assets containing CUI, the correct answer isA. Media Protection (MP).
Submit