CCI-002581

Defines the types of system media to restrict or prohibit on organization-defined systems or system components using organization-defined controls.

Implementation Guidance

Determine if the use of [MP-07_ODP[01]; types of system media to be restricted or prohibited from use on systems or system components are defined] is [MP-07_ODP[02]; one of the following PARAMETER VALUES is selected: {restrict; prohibit}] on [MP-07_ODP[03]; systems or system components on which the use of specific types of system media to be restricted or prohibited are defined] using [MP-07_ODP[04]; controls to restrict or prohibit the use of specific types of system media on systems or system components are defined].

Validation Procedures

Examine: [SELECT FROM: System media protection policy; system use policy; procedures addressing media usage restrictions; rules of behavior; system design documentation; system configuration settings and associated documentation; audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with system media use responsibilities; organizational personnel with information security responsibilities; system/network administrators]. Test: [SELECT FROM: Organizational processes for media use; mechanisms restricting or prohibiting the use of system media on systems or system components].

The controls below (if any) were marked by NIST as being related to CCI-002581.