National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

NIST Special Publication 800-53 (Rev. 4)

Security and Privacy Controls for Federal Information Systems and Organizations

MP-2 MEDIA ACCESS

Family:
MP - MEDIA PROTECTION
Class:
Priority:
P1 - Implement P1 security controls first.
Baseline Allocation:
Low Moderate High
MP-2 MP-2 MP-2

Control Description

The organization restricts access to [Assignment: organization-defined types of digital and/or non-digital media] to [Assignment: organization-defined personnel or roles].

Supplemental Guidance

Information system media includes both digital and non-digital media. Digital media includes, for example, diskettes, magnetic tapes, external/removable hard disk drives, flash drives, compact disks, and digital video disks. Non-digital media includes, for example, paper and microfilm. Restricting non-digital media access includes, for example, denying access to patient medical records in a community hospital unless the individuals seeking access to such records are authorized healthcare providers. Restricting access to digital media includes, for example, limiting access to design specifications stored on compact disks in the media library to the project leader and the individuals on the development team.

Related to: AC-3IA-2MP-4PE-2PE-3PL-2

Control Enhancements

MP-2(1) MEDIA ACCESS | AUTOMATED RESTRICTED ACCESS
[Withdrawn: Incorporated into MP-4 (2)].
MP-2(2) MEDIA ACCESS | CRYPTOGRAPHIC PROTECTION
[Withdrawn: Incorporated into SC-28 (1)].