
MP-4 Media Storage

IL4 Mod
IL4 High
IL5
IL6

>Control Description

a. Physically control and securely store organization-defined types of digital and/or non-digital media within organization-defined controlled areas; and

b. Protect system media types defined in MP-4a until the media are destroyed or sanitized using approved equipment, techniques, and procedures.

>DoD Impact Level Requirements

FedRAMP Parameter Values

MP-4 (a)-1 [all types of digital and non-digital media with sensitive information]
MP-4 (a)-2 [see additional FedRAMP requirements and guidance]

Additional Requirements and Guidance

MP-4 (a) Requirement: The service provider defines controlled areas within facilities where the information and information system reside.

>Discussion

System media includes digital and non-digital media. Digital media includes flash drives, diskettes, magnetic tapes, external or removable hard disk drives (e.g., solid state, magnetic), compact discs, and digital versatile discs. Non-digital media includes paper and microfilm.

Physically controlling stored media includes conducting inventories, ensuring procedures are in place to allow individuals to check out and return media to the library, and maintaining accountability for stored media. Secure storage includes a locked drawer, desk, or cabinet or a controlled media library. The type of media storage is commensurate with the security category or classification of the information on the media.

Controlled areas are spaces that provide physical and procedural controls to meet the requirements established for protecting information and systems. Fewer controls may be needed for media that contains information determined to be in the public domain, publicly releasable, or have limited adverse impacts on organizations, operations, or individuals if accessed by other than authorized personnel. In these situations, physical access controls provide adequate protection.

>Programmatic Queries

Beta

Related Services

Amazon S3
AWS KMS
Amazon S3 Glacier

CLI Commands

Check S3 bucket encryption configuration:
  aws s3api get-bucket-encryption --bucket BUCKET_NAME

Verify S3 bucket versioning (data protection):
  aws s3api get-bucket-versioning --bucket BUCKET_NAME

List KMS keys used for storage encryption:
  aws kms list-keys --query 'Keys[].KeyId'

Check S3 bucket public access block:
  aws s3api get-public-access-block --bucket BUCKET_NAME
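
The three per-bucket commands above return JSON that can be scored automatically. The script below is an added example, not part of the original page: it runs those commands and turns the responses into findings, including the cases where a command returns empty output or fails. The function names, sample responses and pass criteria (KMS-backed default encryption, versioning enabled, all four public access block flags set) are assumptions for illustration, not FedRAMP-defined values.

```python
import json
import subprocess

PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")

def run_aws(*args):
    """Run an AWS CLI command: parsed JSON, {} for empty output, None on error."""
    proc = subprocess.run(["aws", *args, "--output", "json"],
                          capture_output=True, text=True)
    if proc.returncode != 0:
        return None  # e.g. the configuration does not exist, or access is denied
    return json.loads(proc.stdout) if proc.stdout.strip() else {}

def evaluate(encryption, versioning, public_access):
    """Return findings for one bucket; an empty list means every check passed."""
    findings = []
    rules = ((encryption or {}).get("ServerSideEncryptionConfiguration", {})
             .get("Rules", []))
    algos = [r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm", "")
             for r in rules]
    if not any(algos):
        findings.append("no default encryption rule")
    elif not any(a.startswith("aws:kms") for a in algos):  # assumed criterion
        findings.append("default encryption does not use a KMS key")
    if (versioning or {}).get("Status") != "Enabled":
        findings.append("versioning not enabled")
    pab = (public_access or {}).get("PublicAccessBlockConfiguration", {})
    missing = [f for f in PAB_FLAGS if not pab.get(f)]
    if missing:
        findings.append("public access block incomplete: " + ", ".join(missing))
    return findings

def check_bucket(bucket):
    """Collect the responses with the page's per-bucket commands, then evaluate."""
    return evaluate(run_aws("s3api", "get-bucket-encryption", "--bucket", bucket),
                    run_aws("s3api", "get-bucket-versioning", "--bucket", bucket),
                    run_aws("s3api", "get-public-access-block", "--bucket", bucket))

def sse(algo):
    """Build a constructed get-bucket-encryption style response."""
    return {"ServerSideEncryptionConfiguration": {"Rules": [
        {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": algo}}]}}

# Constructed sample responses (not taken from a real account).
SAMPLE_GOOD = (sse("aws:kms"), {"Status": "Enabled"},
               {"PublicAccessBlockConfiguration": dict.fromkeys(PAB_FLAGS, True)})
# Empty versioning output = never enabled; None = command returned an error.
SAMPLE_WEAK = (sse("AES256"), {}, None)
```

Because `run_aws` returns `None` for any non-zero exit, a finding can also mean the caller lacks permission to read the setting, so check the CLI error before recording it as a gap.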

>Related Controls

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What formal policies and procedures govern the implementation of MP-4 (Media Storage)?
  • Who are the designated roles responsible for implementing, maintaining, and monitoring MP-4?
  • How frequently is the MP-4 policy reviewed and updated, and what triggers policy changes?
  • What governance structure ensures MP-4 requirements are consistently applied across all systems?

Technical Implementation:

  • Describe the specific technical mechanisms or controls used to enforce MP-4 requirements.
  • What automated tools, systems, or technologies are deployed to implement MP-4?
  • How is MP-4 integrated into your system architecture and overall security posture?
  • What configuration settings, parameters, or technical specifications enforce MP-4 requirements?

Evidence & Documentation:

  • What documentation demonstrates the complete implementation of MP-4?
  • What audit logs, records, reports, or monitoring data validate MP-4 compliance?
  • Can you provide evidence of periodic reviews, assessments, or testing of MP-4 effectiveness?
  • What artifacts would you present during a FedRAMP assessment to demonstrate MP-4 compliance?
