CCI-002582

Defines the systems or system components on which to restrict or prohibit the use of organization-defined types of system media using organization-defined controls.

Implementation Guidance

The organization being inspected/assessed defines and documents the information systems or system components to restrict or prohibit the use of organization-defined types of information system media using organization-defined security safeguards. DoD has determined the information systems or system components are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented information systems or system components to ensure the organization being inspected/assessed defines the information systems or system components to restrict or prohibit the use of organization-defined types of information system media using organization-defined security safeguards. DoD has determined the information systems or system components are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Audit trail assessing and defining which media types are restricted or prohibited

The controls below (if any) were marked by NIST as being related to CCI-002582.