Navigate

CCI-002581

CCI-002581 Definition

Defines the types of system media to restrict or prohibit on organization-defined systems or system components using organization-defined controls.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed defines and documents the types of information system media to restrict or prohibit on organization-defined information systems or system components using organization-defined security safeguards. DoD has determined the types of information system media are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented type of information system media to ensure the organization being inspected/assessed defines the types of information system media to restrict or prohibit on organization-defined information systems or system components using organization-defined security safeguards. DoD has determined the types of information system media are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated SOP or TTP and audit trail showing specific types of media that is restricted for use with organization-defined information systems

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002581.

Control	Description
MP-7	The organization [one of "restricts"/"prohibits"] the use of [one of ] on [one of ] using [one of ].