CCI-002581

Defines the types of system media to restrict or prohibit on organization-defined systems or system components using organization-defined controls.

Implementation Guidance

The organization being inspected/assessed defines and documents the types of information system media to restrict or prohibit on organization-defined information systems or system components using organization-defined security safeguards. DoD has determined the types of information system media are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented type of information system media to ensure the organization being inspected/assessed defines the types of information system media to restrict or prohibit on organization-defined information systems or system components using organization-defined security safeguards. DoD has determined the types of information system media are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated SOP or TTP and audit trail showing specific types of media that is restricted for use with organization-defined information systems

The controls below (if any) were marked by NIST as being related to CCI-002581.