CCI-001015
CCI-001015 Definition
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
Determine if: - [MP-04_ODP[01]; types of digital media to be physically controlled are defined (if selected)] are physically controlled. - [MP-04_ODP[02]; types of non-digital media to be physically controlled are defined (if selected)] are physically controlled. - [MP-04_ODP[03]; types of digital media to be securely stored are defined (if selected)] are securely stored within [MP-04_ODP[05]; controlled areas within which to securely store digital media are defined]. - [MP-04_ODP[04]; types of non-digital media to be securely stored are defined (if selected)] are securely stored within [MP-04_ODP[06]; controlled areas within which to securely store non-digital media are defined].
Validation Procedures
Examine: [SELECT FROM: System media protection policy; procedures addressing media storage; physical and environmental protection policy and procedures; access control policy and procedures; system media; designated controlled areas; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with system media protection and storage responsibilities; organizational personnel with information security responsibilities]. Test: [SELECT FROM: Organizational processes for storing information media; mechanisms supporting and/or implementing secure media storage/media protection].