MP-2

Media ProtectionRev 5organization

Media Access

Baselines:LowModerateHigh

Control Statement

Restrict access to [Assignment: organization-defined types of digital and/or non-digital media] to [Assignment: organization-defined personnel or roles].

Supplemental Guidance

System media includes digital and non-digital media. Digital media includes flash drives, diskettes, magnetic tapes, external or removable hard disk drives (e.g., solid state, magnetic), compact discs, and digital versatile discs. Non-digital media includes paper and microfilm. Denying access to patient medical records in a community hospital unless the individuals seeking access to such records are authorized healthcare providers is an example of restricting access to non-digital media. Limiting access to the design specifications stored on compact discs in the media library to individuals on the system development team is an example of restricting access to digital media.

Related Controls (14)

AC-19 AU-9 CP-2 CP-9 CP-10 MA-5 MP-4 MP-6 PE-2 PE-3 SC-12 SC-13 SC-34 SI-12

CCI Identifiers (4)

CCI-001003Restrict access to organization-defined types of digital and/or non-digital media to organization-defined personnel or roles.CCI-001004Defines types of digital and/or non-digital media for which the organization restricts access.CCI-001005Defines personnel or roles from which to restrict access to organization-defined types of digital and/or non-digital media.CCI-001006The organization defines security measures for restricting access to media.

Linked STIG Checks (0)

No STIG checks reference this control.