Organizational Control: Media Access

Control ID: MP-2 Media Access Family: Media Protection Source: NIST 800-53r4
Control: The organization restricts access to [Assignment: organization-defined types of digital and/or non-digital media] to [Assignment: organization-defined personnel or roles].
Supplemental Guidance:
Information system media includes both digital and non-digital media. Digital media includes, for example, diskettes, magnetic tapes, external/removable hard disk drives, flash drives, compact disks, and digital video disks. Non-digital media includes, for example, paper and microfilm. Restricting non-digital media access includes, for example, denying access to patient medical records in a community hospital unless the individuals seeking access to such records are authorized healthcare providers. Restricting access to digital media includes, for example, limiting access to design specifications stored on compact disks in the media library to the project leader and the individuals on the development team.

Related Controls: AC-3, IA-2, MP-4, PE-2, PE-3, PL-2
Control Enhancements: N/A
References: FIPS Publication 199; NIST Special Publication 800-111.
Mechanisms:
Protocol Implementation Conformance Statements: N/A