CCI-001024

The organization restricts the activities associated with the transport of information system media to authorized personnel.

Implementation Guidance

The organization being inspected/assessed ensures the organization defined security measures (MP-2) includes a requirement to develop and maintain a list of personnel authorized to transport information system media outside of controlled areas, IAW DoDM 5200.01 M Vol. 1-4 and DoDD 5015.2. Develop and maintain the list of personnel authorized to transport information system media outside of controlled areas.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the list of personnel authorized to transport information system media outside of controlled areas. Organizational personnel with information system media transport responsibilities and security management personnel are to be interviewed. The purpose of the reviews and reviews is to determine if the organization has established restrictions associated with the transport of information system media to authorized personnel only.

Compelling Evidence

1.) Policy to ensure that defined security measures include a requirement to develop a list of personnel authorized to transport information system media outside controlled areas. 2.) List of personnel authorized to transport information system media outside of controlled areas. 3.) Training documentation for personnel on the guidelines of transporting information system media.

The controls below (if any) were marked by NIST as being related to CCI-001024.