MP-04 Media Storage

a. Physically control and securely store mp-4_prm_1 within mp-4_prm_2 ; and

b. Protect system media types defined in MP-4a until the media are destroyed or sanitized using approved equipment, techniques, and procedures.

Parameter ID Definition
mp-4_prm_1 organization-defined types of digital and/or non-digital media
mp-4_prm_2 organization-defined controlled areas
mp-04_odp.01 types of digital media
mp-04_odp.02 types of non-digital media
mp-04_odp.03 types of digital media
mp-04_odp.04 types of non-digital media
mp-04_odp.05 controlled areas
mp-04_odp.06 controlled areas



System media includes digital and non-digital media. Digital media includes flash drives, diskettes, magnetic tapes, external or removable hard disk drives (e.g., solid state, magnetic), compact discs, and digital versatile discs. Non-digital media includes paper and microfilm. Physically controlling stored media includes conducting inventories, ensuring procedures are in place to allow individuals to check out and return media to the library, and maintaining accountability for stored media. Secure storage includes a locked drawer, desk, or cabinet or a controlled media library. The type of media storage is commensurate with the security category or classification of the information on the media. Controlled areas are spaces that provide physical and procedural controls to meet the requirements established for protecting information and systems. Fewer controls may be needed for media that contains information determined to be in the public domain, publicly releasable, or have limited adverse impacts on organizations, operations, or individuals if accessed by other than authorized personnel. In these situations, physical access controls provide adequate protection.

References 8

Control Enhancements 2

Related controls 14