Organizational Control: Media Access
Control ID: MP-2 Media Access | Family: Media Protection | Source: NIST 800-53r4 |
Control: The organization restricts access to [Assignment: organization-defined types of digital and/or non-digital media] to [Assignment: organization-defined personnel or roles]. | ||
Supplemental Guidance: Information system media includes both digital and non-digital media. Digital media includes, for example, diskettes, magnetic tapes, external/removable hard disk drives, flash drives, compact disks, and digital video disks. Non-digital media includes, for example, paper and microfilm. Restricting non-digital media access includes, for example, denying access to patient medical records in a community hospital unless the individuals seeking access to such records are authorized healthcare providers. Restricting access to digital media includes, for example, limiting access to design specifications stored on compact disks in the media library to the project leader and the individuals on the development team. Related Controls: AC-3, IA-2, MP-4, PE-2, PE-3, PL-2 |
||
Control Enhancements: N/A | ||
References: FIPS Publication 199; NIST Special Publication 800-111. | ||
Mechanisms: | ||
Protocol Implementation Conformance Statements: N/A |