CMMC Practice MP.2.120
Limit access to CUI on system media to authorized users.
Bold Coast Security Guidance
Keeping a media log should be a simple process. Designate a secure area for storage of media which contains "protected" information, such as CUI, and create a log for tracking the media whereabouts. To simplify the process, assign a person or persons to control access to the media and ensure consistency of the checkin / checkout process. There should also be regular audits of the storage area to validate that all the media expected to present is there.
DRAFT NIST SP 800-171 R2
Access can be limited by physically controlling system media and secure storage areas. Physically controlling system media includes conducting inventories , ensuring procedures are in place to allow individuals to check out and return system media to the media library, and maintaining accountability for all stored media. Secure storage includes a locked drawer, desk, or cabinet, or a controlled media library.