MP.L2-3.8.2 Media Access
Limit access to CUI on system media to authorized users.
Source: NIST SP 800-171 Rev 2 3.8.2
Discussion: Access can be limited by physically controlling system media and secure storage areas. Physically controlling system media includes conducting inventories, ensuring procedures are in place to allow individuals to check out and return system media to the media library, and maintaining accountability for all stored media. Secure storage includes a locked drawer, desk, or cabinet, or a controlled media library
Assessment Objectives:
Determine if:
- [a] access to CUI on system media is limited to authorized users.
Examine: [SELECT FROM: System media protection policy; procedures addressing media storage; physical and environmental protection policy and procedures; access control policy and procedures; security plan; system media; designated controlled areas; other relevant documents or records].
Interview: [SELECT FROM: Personnel with system media protection and storage responsibilities; personnel with information security responsibilities].
Test: [SELECT FROM: Organizational processes for storing media; mechanisms supporting or implementing secure media storage and media protection].
SPRS Score: 3
POA&M Allowed: No