MP-07 Media Use

Media Protection

Low Moderate High

Description

a. [Selection: Restrict; Prohibit] the use of [Assignment: organization-defined types of system media] on [Assignment: organization-defined systems or system components] using [Assignment: organization-defined controls]; and

b. Prohibit the use of portable storage devices in organizational systems when such devices have no identifiable owner.

Supplemental Guidance

System media includes both digital and non-digital media. Digital media includes flash drives, diskettes, magnetic tapes, external and removable hard disk drives, compact discs, and digital versatile discs. Non-digital media includes paper and microfilm. Media use protections also apply to mobile devices with information storage capabilities. In contrast to MP-02, which restricts user access to media, MP-07 restricts the use of certain types of media on systems.

Changes from Rev 4

No significant changes from Rev 4.

MITRE ATT&CK Techniques (6)

ATT&CK v16.1

Techniques mitigated by this control, mapped via CTID.

Initial Access (2), Lateral Movement (1), Collection (1), Command & Control (1), Exfiltration (2)

Compliance Mappings

ISO 27001:2022

A.7.10, A.7.14

ISO 27002:2022

5.10, 7.10

COBIT 2019

APO14, BAI09

CIS Controls v8

CIS 10.3, CIS 10.4, CIS 3

PCI DSS v4.0.1

9.4

FINOS CCC

CCC-C16

MAS TRM

11

BIO2

5.10, 7.10

RBI CSF

Annex1.12

FISC Security Guidelines

FISC.F4

SAMA CSF

3.9

UAE IA

T4

CBB TM

TM-9

Qatar NIA

AM

CBUAE

CR-5

CBE CSF

CTO-2

CBN CSF

Part3.4

BoG CISD

CISD-V

BoM CTRM

3.12

FFIEC IS

II.C.13, II.C.13(d)

HIPAA Security Rule

§164.310(d)(1), §164.310(d)(2)(ii)

BOT Cyber Resilience

Ch2.3

CMMC 2.0

MP

10 CFR 73.54

RG5.71-B-MA

IEEE 1686-2022

5.9

HITRUST CSF v11

01.d, 09.f

ISO 27799

8.3

NHS DSPT

NDG-9.7

CCSS v9.0

2.02.1