Description:
Access can be limited by physically controlling system media and secure storage areas. Physically controlling system media includes conducting inventories, ensuring procedures are in place to allow individuals to check out and return system media to the media library, and maintaining accountability for all stored media. Secure storage includes a locked drawer, desk, or cabinet, or a controlled media library.
Priority: High
Category: Procedures / Rules of Behavior
Services Associated with AWS:
- AWS Secrets Manager, AWS Key Management Service (KMS), AWS Identity and Access Management (IAM)
Objective Evidence:
- Administrative: documented policies, standards & procedures
- Administrative: supporting documentation to demonstrate how Identity & Access Management (IAM) practices are implemented
- Administrative: supporting documentation to demonstrate the "secure practices" used to build technology platform-specific secure baseline configurations
- Administrative: documented data classification scheme
- Administrative: supporting documentation of role-based security training being performed
- Administrative: supporting documentation to demonstrate how Data Loss Prevention (DLP) is implemented, if applicable
- Technical: screenshot of DLP technology, if applicable
Possible Technology Considerations:
NA
What needs to be answered:
Are all CUI systems managed under least access rules? Does the company limit CUI media access to authorized users?
- Limit Access to CUI on System Media
Description: This check ensures that access to Controlled Unclassified Information (CUI) on system media is limited to authorized users. Physical and logical controls are implemented to prevent unauthorized access to CUI stored on media. Physical controls involve physically controlling the system media by conducting inventories, establishing procedures for check-in and check-out, and maintaining accountability for all stored media. Secure storage areas, such as locked drawers, desks, cabinets, or controlled media libraries, are used to safeguard the system media.
More Details:
System media containing CUI has access limited to authorized users only.