CCI-001024

Implementation Guidance

Determine if: - personnel authorized to conduct media transport activities is/are identified. - activities associated with the transport of system media are restricted to identified authorized personnel.

Validation Procedures

Examine: [SELECT FROM: System media protection policy; procedures addressing media storage; physical and environmental protection policy and procedures; access control policy and procedures; authorized personnel list; system media; designated controlled areas; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with system media protection and storage responsibilities; organizational personnel with information security responsibilities; system/network administrators]. Test: [SELECT FROM: Organizational processes for storing information media; mechanisms supporting and/or implementing media storage/media protection].