zydronium/manage.get.gov
1
0
Fork 0
mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-07-31 23:16:36 +02:00
Code Issues Projects Releases Packages Wiki Activity
manage.get.gov/docs/compliance/dist/system-security-plans/ato/mp-5.md
Logan McDonald 8d493d2e44
Document things cloud.gov CRM fully supports (#122) 
* document things cloud.gov crm fully supports

* run make assemble
2022-10-13 10:36:44 -04:00

3.6 KiB
Raw Blame History

implementation-status control-origination
c-implemented
c-inherited-cloud-gov

mp-5 - [catalog] Media Transport

Control Statement

  • [a] Protect and control types of system media during transport outside of controlled areas using organization-defined controls;

  • [b] Maintain accountability for system media during transport outside of controlled areas;

  • [c] Document activities associated with the transport of system media; and

  • [d] Restrict the activities associated with the transport of system media to authorized personnel.

Control guidance

System media includes digital and non-digital media. Digital media includes flash drives, diskettes, magnetic tapes, external or removable hard disk drives (e.g., solid state and magnetic), compact discs, and digital versatile discs. Non-digital media includes microfilm and paper. Controlled areas are spaces for which organizations provide physical or procedural controls to meet requirements established for protecting information and systems. Controls to protect media during transport include cryptography and locked containers. Cryptographic mechanisms can provide confidentiality and integrity protections depending on the mechanisms implemented. Activities associated with media transport include releasing media for transport, ensuring that media enters the appropriate transport processes, and the actual transport. Authorized transport and courier personnel may include individuals external to the organization. Maintaining accountability of media during transport includes restricting transport activities to authorized personnel and tracking and/or obtaining records of transport activities as the media moves through the transportation system to prevent and detect loss, destruction, or tampering. Organizations establish documentation requirements for activities associated with the transport of system media in accordance with organizational assessments of risk. Organizations maintain the flexibility to define record-keeping methods for the different types of media transport as part of a system of transport-related records.

Control assessment-objective

types of system media are protected during transport outside of controlled areas using controls; types of system media are controlled during transport outside of controlled areas using controls; accountability for system media is maintained during transport outside of controlled areas; activities associated with the transport of system media are documented; personnel authorized to conduct media transport activities is/are identified; activities associated with the transport of system media are restricted to identified authorized personnel.

What is the solution and how is it implemented?

Implementation a.

Customer applications fully inherit this control from cloud.gov.

Implementation b.

Customer applications fully inherit this control from cloud.gov.

Implementation c.

Customer applications fully inherit this control from cloud.gov.

Implementation d.

Customer applications fully inherit this control from cloud.gov.