Description:   

Access can be limited by physically controlling system media and secure storage areas. Physically controlling system media includes conducting inventories, ensuring procedures are in place to allow individuals to check out and return system media to the media library, and maintaining accountability for all stored media. Secure storage includes a locked drawer, desk, or cabinet, or a controlled media library.


Priority: High   


Category: Procedures / Rules of Behavior 


Services Associated with AWS:   

  • AWS Secrets Manager, AWS Key Management Service (KMS), AWS Identity and Access Management (IAM)


Objective Evidence:  

  • Administrative: documented policies, standards & procedures
  • Administrative: supporting documentation to demonstrate how Identity & Access Management (IAM) practices are implemented
  • Administrative: supporting documentation to demonstrate the "secure practices" used to build technology platform-specific secure baseline configurations
  • Administrative: documented data classification scheme
  • Administrative: supporting documentation of role-based security training being performed
  • Administrative: supporting documentation to demonstrate how Data Loss Prevention (DLP) is implemented, if applicable
  • Technical: screenshot of DLP technology, if applicable


Possible Technology Considerations:

NA


What needs to be answered:


Are all CUI systems managed under least access rules? Does the company limit CUI media access to authorized users? 

  • Limit Access to CUI on System Media
    Description: This check ensures that access to Controlled Unclassified Information (CUI) on system media is limited to authorized users. Physical and logical controls are implemented to prevent unauthorized access to CUI stored on media. Physical controls involve physically controlling the system media by conducting inventories, establishing procedures for check-in and check-out, and maintaining accountability for all stored media. Secure storage areas, such as locked drawers, desks, cabinets, or controlled media libraries, are used to safeguard the system media.


More Details:   

System media containing CUI has access limited to authorized users only.