CMMC Practice MP.2.120

Limit access to CUI on system media to authorized users.

Source

CMMC Version 1.02, pg. 176

Bold Coast Security Guidance

Keeping a media log should be a simple process. Designate a secure area for storage of media which contains "protected" information, such as CUI, and create a log for tracking the media whereabouts. To simplify the process, assign a person or persons to control access to the media and ensure consistency of the checkin / checkout process. There should also be regular audits of the storage area to validate that all the media expected to present is there.

Discussion From Source

DRAFT NIST SP 800-171 R2 Access can be limited by physically controlling system media and secure storage areas. Physically controlling system media includes conducting inventories , ensuring procedures are in place to allow individuals to check out and return system media to the media library, and maintaining accountability for all stored media. Secure storage includes a locked drawer, desk, or cabinet, or a controlled media library.

References