>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

MP-4Media Storage

Moderate
High

>Control Description

a

Physically control and securely store organization-defined types of digital and/or non-digital media within organization-defined controlled areas; and

b

Protect system media types defined in MP-4a until the media are destroyed or sanitized using approved equipment, techniques, and procedures.

>FedRAMP Baseline Requirements

Additional Requirements and Guidance

MP-4 (a) Requirement: The service provider defines controlled areas within facilities where the information and information system reside.

>Discussion

System media includes digital and non-digital media. Digital media includes flash drives, diskettes, magnetic tapes, external or removable hard disk drives (e.g., solid state, magnetic), compact discs, and digital versatile discs. Non-digital media includes paper and microfilm.

Physically controlling stored media includes conducting inventories, ensuring procedures are in place to allow individuals to check out and return media to the library, and maintaining accountability for stored media. Secure storage includes a locked drawer, desk, or cabinet or a controlled media library. The type of media storage is commensurate with the security category or classification of the information on the media.

Controlled areas are spaces that provide physical and procedural controls to meet the requirements established for protecting information and systems. Fewer controls may be needed for media that contains information determined to be in the public domain, publicly releasable, or have limited adverse impacts on organizations, operations, or individuals if accessed by other than authorized personnel. In these situations, physical access controls provide adequate protection.

>Cross-Framework Mappings

SCF

DCH-06
Compare

>Programmatic Queries

Beta

Related Services

Amazon S3
AWS KMS
Amazon S3 Glacier

CLI Commands

Check S3 bucket encryption configuration
aws s3api get-bucket-encryption --bucket BUCKET_NAME
Verify S3 bucket versioning (data protection)
aws s3api get-bucket-versioning --bucket BUCKET_NAME
List KMS keys used for storage encryption
aws kms list-keys --query 'Keys[].KeyId'
Check S3 bucket public access block
aws s3api get-public-access-block --bucket BUCKET_NAME
Open AWS ConsoleDocumentation

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What formal policies and procedures govern the implementation of MP-4 (Media Storage)?
  • Who are the designated roles responsible for implementing, maintaining, and monitoring MP-4?
  • How frequently is the MP-4 policy reviewed and updated, and what triggers policy changes?
  • What governance structure ensures MP-4 requirements are consistently applied across all systems?

Technical Implementation:

  • Describe the specific technical mechanisms or controls used to enforce MP-4 requirements.
  • What automated tools, systems, or technologies are deployed to implement MP-4?
  • How is MP-4 integrated into your system architecture and overall security posture?
  • What configuration settings, parameters, or technical specifications enforce MP-4 requirements?

Evidence & Documentation:

  • What documentation demonstrates the complete implementation of MP-4?
  • What audit logs, records, reports, or monitoring data validate MP-4 compliance?
  • Can you provide evidence of periodic reviews, assessments, or testing of MP-4 effectiveness?
  • What artifacts would you present during a FedRAMP assessment to demonstrate MP-4 compliance?

Ask AI

Configure your API key to use AI features.