Applicable

(Y)es / (N)o

(C)onfidentiality

(I)ntegrity

(A)vailability

RPN

(C+I+A)

(S)atisfactory

L1

M2

H3

L1

M2

H3

L1

M2

H3

(O)ther than satisfactory +##

mp-5

media transport

assessment objective:

Determine if the organization:

mp-5(a)

mp-5(a)[1]

defines types of information system media to be protected and controlled during transport outside of controlled areas;

mp-5(a)[2]

defines security safeguards to protect and control organization-defined information system media during transport outside of controlled areas;

mp-5(a)[3]

protects and controls organization-defined information system  media during transport outside of controlled areas using organization-defined security safeguards;

mp-5(b)

maintains accountability for information system media during transport outside of controlled areas;

mp-5(c)

documents activities associated with the transport of information system media; and

mp-5(d)

restricts the activities associated with transport of information system media to authorized personnel.

potential assessment methods and objects:

Examine: [select from: Information system media protection policy; procedures addressing media storage; physical and environmental protection policy and procedures; access control policy and procedures; security plan; information system media; designated controlled areas; other relevant documents or records].

Interview: [select from: Organizational personnel with information system media protection and storage responsibilities; organizational personnel with information security responsibilities; system/network administrators].

Test: [select from: Organizational processes for storing information media; automated mechanisms supporting and/or implementing media storage/media protection].