Navigate

CCI-001015

CCI-001015 Definition

Defines types of digital and/or non-digital media to physically control and securely store within organization-defined controlled areas.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if: - [MP-04_ODP[01]; types of digital media to be physically controlled are defined (if selected)] are physically controlled. - [MP-04_ODP[02]; types of non-digital media to be physically controlled are defined (if selected)] are physically controlled. - [MP-04_ODP[03]; types of digital media to be securely stored are defined (if selected)] are securely stored within [MP-04_ODP[05]; controlled areas within which to securely store digital media are defined]. - [MP-04_ODP[04]; types of non-digital media to be securely stored are defined (if selected)] are securely stored within [MP-04_ODP[06]; controlled areas within which to securely store non-digital media are defined].

Validation Procedures

Examine: [SELECT FROM: System media protection policy; procedures addressing media storage; physical and environmental protection policy and procedures; access control policy and procedures; system media; designated controlled areas; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with system media protection and storage responsibilities; organizational personnel with information security responsibilities]. Test: [SELECT FROM: Organizational processes for storing information media; mechanisms supporting and/or implementing secure media storage/media protection].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001015.

Control	Description
MP-4	a: Physically control and securely store [one of ] within [one of ] ; and b: Protect system media types defined in MP-4a until the media are destroyed or sanitized using approved equipment, techniques, and procedures.