CMMC Practice MP.L2-3.8.2

Media Access: Limit access to CUI on system media to authorized users.

Monarch ISC Guidance

Keeping a media log should be a simple process. Designate a secure area for storing media that contains "protected" information, such as CUI, and create a log for tracking the media's whereabouts. To simplify the process, assign a person or persons to control access to the media and ensure consistency of the check-in/check-out process. There should also be regular audits of the storage area to validate that all the media expected to be present is there.

Discussion From Source

NIST SP 800-171 R2: Access can be limited by physically controlling system media and secure storage areas. Physically controlling system media includes conducting inventories, ensuring procedures are in place to allow individuals to check out and return system media to the media library, and maintaining accountability for all stored media. Secure storage includes a locked drawer, desk, or cabinet, or a controlled media library.

References