MP-02 Media Access
Restrict access to mp-2_prm_1 to mp-2_prm_2.
|mp-2_prm_1||organization-defined types of digital and/or non-digital media|
|mp-2_prm_2||organization-defined personnel or roles|
|mp-02_odp.01||types of digital media|
|mp-02_odp.02||personnel or roles|
|mp-02_odp.03||types of non-digital media|
|mp-02_odp.04||personnel or roles|
System media includes digital and non-digital media. Digital media includes flash drives, diskettes, magnetic tapes, external or removable hard disk drives (e.g., solid state, magnetic), compact discs, and digital versatile discs. Non-digital media includes paper and microfilm. Denying access to patient medical records in a community hospital unless the individuals seeking access to such records are authorized healthcare providers is an example of restricting access to non-digital media. Limiting access to the design specifications stored on compact discs in the media library to individuals on the system development team is an example of restricting access to digital media.
- OMB A-130 Office of Management and Budget Memorandum Circular A-130, *Managing Information as a Strategic Resource* , July 2016.
- FIPS 199 National Institute of Standards and Technology (2004) Standards for Security Categorization of Federal Information and Information Systems. (U.S. Department of Commerce, Washington, D.C.), Federal Information Processing Standards Publication (FIPS) 199.
- SP 800-111 Scarfone KA, Souppaya MP, Sexton M (2007) Guide to Storage Encryption Technologies for End User Devices. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-111.
Control Enhancements 2
- MP-02(01) Automated Restricted Access
- MP-02(02) Cryptographic Protection
Related controls 14
- AC-19 Access Control for Mobile Devices L M H P
- AU-09 Protection of Audit Information L M H P
- CP-02 Contingency Plan L M H P
- CP-09 System Backup L M H P
- CP-10 System Recovery and Reconstitution L M H P
- MA-05 Maintenance Personnel L M H P
- MP-04 Media Storage L M H P
- MP-06 Media Sanitization L M H P
- PE-02 Physical Access Authorizations L M H P
- PE-03 Physical Access Control L M H P
- SC-12 Cryptographic Key Establishment and Management L M H P
- SC-13 Cryptographic Protection L M H P
- SC-34 Non-modifiable Executable Programs L M H P
- SI-12 Information Management and Retention L M H P