Understanding CUI Handling and Storage Requirements
Controlled Unclassified Information (CUI) must be protected from unauthorized access and properly stored per CMMC 2.0 Level 2 requirements and NIST SP 800-171 controls. Key requirements include:
NIST SP 800-171 (Requirement 3.8.3) – CUI must be physically protected when not in use.
NIST SP 800-171 (Requirement 3.1.3) – CUI access should be restricted to authorized personnel only.
DoD CUI Program Guidance – If proper storage (e.g., locked cabinets or controlled access areas) is unavailable, CUI should be returned to an authorized individual or secure facility.
Why None of the Provided Answers Are Fully Correct
A. Take it with them to review in the evening → Incorrect
CUI should never be removed from a secure facility unless explicitly authorized and handled in accordance with security policies (e.g., encrypted electronic transport, secure physical storage).
B. Leave it on the desk for review the following day → Incorrect
C. Put it in the unlocked desk drawer for review the following morning → Incorrect
D. Take a picture with the personal phone before securely shredding it → Incorrect
Storing CUI on an unauthorized personal device is a serious security violation and unauthorized reproduction of CUI is prohibited.
What Should Be Done Instead?
✔ Return the document to the client for secure storage.
Since no secure storage option is available, the document must be returned to the client, who should store it in an approved secure location (e.g., a locked cabinet or classified storage area).
The assessment team should not retain CUI unless they have an approved method of safeguarding it.
CMMC 2.0 References Supporting This Answer:
NIST SP 800-171 (Requirement 3.8.3 – Media Protection)
DFARS 252.204-7012 (Safeguarding Covered Defense Information and Cyber Incident Reporting)
CMMC 2.0 Level 2 (Advanced) Requirements
DoD CUI Program Guidelines
Clearly state that CUI must be stored in locked cabinets or controlled-access areas when not actively in use.
Final Answer: None of the provided answers fully comply with CUI protection requirements. The best course of action is to return the document to the client for secure storage.