>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

MP-2Media Access

LI-SaaS
Low
Moderate
High

>Control Description

Restrict access to organization-defined types of digital and/or non-digital media to organization-defined personnel or roles.

>FedRAMP Baseline Requirements

No FedRAMP-specific parameter values or requirements for this baseline.

>Discussion

System media includes digital and non-digital media. Digital media includes flash drives, diskettes, magnetic tapes, external or removable hard disk drives (e.g., solid state, magnetic), compact discs, and digital versatile discs. Non-digital media includes paper and microfilm.

Denying access to patient medical records in a community hospital unless the individuals seeking access to such records are authorized healthcare providers is an example of restricting access to non-digital media. Limiting access to the design specifications stored on compact discs in the media library to individuals on the system development team is an example of restricting access to digital media.

>Cross-Framework Mappings

SCF

DCH-03
Compare
END-01
Compare

>Programmatic Queries

Beta

Related Services

S3
EBS
IAM

CLI Commands

Check S3 bucket policies
aws s3api get-bucket-policy --bucket BUCKET_NAME
List EBS volume permissions
aws ec2 describe-volumes --query 'Volumes[*].{Id:VolumeId,Encrypted:Encrypted,State:State}'
Check snapshot permissions
aws ec2 describe-snapshot-attribute --snapshot-id SNAPSHOT_ID --attribute createVolumePermission
List S3 access points
aws s3control list-access-points --account-id ACCOUNT_ID
Open AWS ConsoleDocumentation

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What formal policies and procedures govern the implementation of MP-2 (Media Access)?
  • Who are the designated roles responsible for implementing, maintaining, and monitoring MP-2?
  • How frequently is the MP-2 policy reviewed and updated, and what triggers policy changes?
  • What governance structure ensures MP-2 requirements are consistently applied across all systems?

Technical Implementation:

  • Describe the specific technical mechanisms or controls used to enforce MP-2 requirements.
  • What automated tools, systems, or technologies are deployed to implement MP-2?
  • How is MP-2 integrated into your system architecture and overall security posture?
  • What configuration settings, parameters, or technical specifications enforce MP-2 requirements?

Evidence & Documentation:

  • What documentation demonstrates the complete implementation of MP-2?
  • What audit logs, records, reports, or monitoring data validate MP-2 compliance?
  • Can you provide evidence of periodic reviews, assessments, or testing of MP-2 effectiveness?
  • What artifacts would you present during a FedRAMP assessment to demonstrate MP-2 compliance?

Ask AI

Configure your API key to use AI features.