Book:Comprehensive Guide to Developing and Implementing a Cybersecurity Plan/A simplified description of NIST Special Publication 800-53 controls, with ties to LIMSpec/Media protection

From LIMSWiki

Appendix 1.10 Media protection

MP-1 Policy and procedures

This control recommends the organization develop, document, disseminate, review, and update media protection policies and procedures. It asks organizations to not only address the purpose, scope, roles, responsibilities, and enforcement of media protection action but also to address how those policies and procedures will be implemented, reviewed, and updated.

Additional resources:

MP-2 Media access

This control recommends the organization implement and enforce restrictions on specified digital and non-digital media, limiting access to only authorized personnel or roles within the organization. This will likely relate to controls on media containing sensitive, protected, or confidential data.

Additional resources:

MP-6 Media sanitization

This control recommends the organization sanitize specified system media using authorized techniques prior to the media being disposed of, released out of organizational control, or released for reuse. The techniques used should match the security or classification level assigned to the information contained on the media.

Additional resources:

MP-7 Media use

This control recommends the organization determine which, if any, digital and non-digital media should be prohibited from being used on which systems or system components. Note that "[i]n contrast to MP-2, which restricts user access to media, MP-7 restricts the use of certain types of media on information systems, for example, restricting or prohibiting the use of flash drives or external hard disk drives" on the system or its subsystems.

Additional resources:

  • No LIMSpec comp (organizational policy rather than system specification)