Red Hat Virtualization Host - Media Protection

Control responses for NIST 800-53 rev4.


Requirements Traceability Matrix

Control Name Status
MP-1 Media Protection Policy And Procedures

not applicable

MP-2 Media Access

not applicable

MP-2 (1) Automated Restricted Access
MP-2 (2) Cryptographic Protection
MP-3 Media Marking
MP-4 Media Storage
MP-4 (1) Cryptographic Protection
MP-4 (2) Automated Restricted Access
MP-5 Media Transport
MP-5 (1) Protection Outside Of Controlled Areas
MP-5 (2) Documentation Of Activities
MP-5 (3) Custodians
MP-5 (4) Cryptographic Protection
MP-6 Media Sanitization

not applicable

MP-6 (1) Review / Approve / Track / Document / Verify
MP-6 (2) Equipment Testing
MP-6 (3) Nondestructive Techniques
MP-6 (4) Controlled Unclassified Information
MP-6 (5) Classified Information
MP-6 (6) Media Destruction
MP-6 (7) Dual Authorization
MP-6 (8) Remote Purging / Wiping Of Information
MP-7 Media Use

complete

MP-7 (1) Prohibit Use Without Owner
MP-7 (2) Prohibit Use Of Sanitization-Resistant Media
MP-8 Media Downgrading
MP-8 (1) Documentation Of Process
MP-8 (2) Equipment Testing
MP-8 (3) Controlled Unclassified Information
MP-8 (4) Classified Information



MP-1: Media Protection Policy And Procedures

The organization: a. Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]: 1. A media protection policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and 2. Procedures to facilitate the implementation of the media protection policy and associated media protection controls; and b. Reviews and updates the current: 1. Media protection policy [Assignment: organization-defined frequency]; and 2. Media protection procedures [Assignment: organization-defined frequency].

MP-1 Control Response Information
Implementation Status:

not applicable

MP-1: What is the solution and how is it implemented?
MP-1(a):

‘This control reflects organizational procedures/policies, and is not applicable to the configuration of Red Hat Virtualization Host (RHVH).’

MP-1(b):

‘This control reflects organizational procedures/policies, and is not applicable to the configuration of Red Hat Virtualization Host (RHVH).’




MP-2: Media Access

“The organization restricts access to [Assignment: organization-defined types of digital and/or non-digital media] to [Assignment: organization-defined personnel or roles].”

MP-2 Control Response Information
Implementation Status:

not applicable

MP-2: What is the solution and how is it implemented?

This control reflects organizational procedures/policies, and is not applicable to the configuration of Red Hat Virtualization Host (RHVH).




MP-2 (1): Automated Restricted Access

“[Withdrawn: Incorporated into MP-4 (2)].”

MP-2 (1) Control Response Information
Implementation Status:
MP-2 (1): What is the solution and how is it implemented?
This control has not been evaluated in the context of Red Hat Virtualization Host.



MP-2 (2): Cryptographic Protection

“[Withdrawn: Incorporated into SC-28 (1)].”

MP-2 (2) Control Response Information
Implementation Status:
MP-2 (2): What is the solution and how is it implemented?
This control has not been evaluated in the context of Red Hat Virtualization Host.



MP-3: Media Marking

The organization: a. Marks information system media indicating the distribution limitations, handling caveats, and applicable security markings (if any) of the information; and b. Exempts [Assignment: organization-defined types of information system media] from marking as long as the media remain within [Assignment: organization-defined controlled areas].

MP-3 Control Response Information
Implementation Status:
MP-3: What is the solution and how is it implemented?
This control has not been evaluated in the context of Red Hat Virtualization Host.



MP-4: Media Storage

The organization: a. Physically controls and securely stores [Assignment: organization-defined types of digital and/or non-digital media] within [Assignment: organization-defined controlled areas]; and b. Protects information system media until the media are destroyed or sanitized using approved equipment, techniques, and procedures.

MP-4 Control Response Information
Implementation Status:
MP-4: What is the solution and how is it implemented?
This control has not been evaluated in the context of Red Hat Virtualization Host.



MP-4 (1): Cryptographic Protection

“[Withdrawn: Incorporated into SC-28 (1)].”

MP-4 (1) Control Response Information
Implementation Status:
MP-4 (1): What is the solution and how is it implemented?
This control has not been evaluated in the context of Red Hat Virtualization Host.



MP-4 (2): Automated Restricted Access

“The organization employs automated mechanisms to restrict access to media storage areas and to audit access attempts and access granted.”

MP-4 (2) Control Response Information
Implementation Status:
MP-4 (2): What is the solution and how is it implemented?
This control has not been evaluated in the context of Red Hat Virtualization Host.



MP-5: Media Transport

The organization: a. Protects and controls [Assignment: organization-defined types of information system media] during transport outside of controlled areas using [Assignment: organization-defined security safeguards]; b. Maintains accountability for information system media during transport outside of controlled areas; c. Documents activities associated with the transport of information system media; and d. Restricts the activities associated with the transport of information system media to authorized personnel.

MP-5 Control Response Information
Implementation Status:
MP-5: What is the solution and how is it implemented?
This control has not been evaluated in the context of Red Hat Virtualization Host.



MP-5 (1): Protection Outside Of Controlled Areas

“[Withdrawn: Incorporated into MP-5].”

MP-5 (1) Control Response Information
Implementation Status:
MP-5 (1): What is the solution and how is it implemented?
This control has not been evaluated in the context of Red Hat Virtualization Host.



MP-5 (2): Documentation Of Activities

“[Withdrawn: Incorporated into MP-5].”

MP-5 (2) Control Response Information
Implementation Status:
MP-5 (2): What is the solution and how is it implemented?
This control has not been evaluated in the context of Red Hat Virtualization Host.



MP-5 (3): Custodians

“The organization employs an identified custodian during transport of information system media outside of controlled areas.”

MP-5 (3) Control Response Information
Implementation Status:
MP-5 (3): What is the solution and how is it implemented?
This control has not been evaluated in the context of Red Hat Virtualization Host.



MP-5 (4): Cryptographic Protection

“The information system implements cryptographic mechanisms to protect the confidentiality and integrity of information stored on digital media during transport outside of controlled areas.”

MP-5 (4) Control Response Information
Implementation Status:
MP-5 (4): What is the solution and how is it implemented?
This control has not been evaluated in the context of Red Hat Virtualization Host.



MP-6: Media Sanitization

The organization: a. Sanitizes [Assignment: organization-defined information system media] prior to disposal, release out of organizational control, or release for reuse using [Assignment: organization-defined sanitization techniques and procedures] in accordance with applicable federal and organizational standards and policies; and b. Employs sanitization mechanisms with the strength and integrity commensurate with the security category or classification of the information.

MP-6 Control Response Information
Implementation Status:

not applicable

MP-6: What is the solution and how is it implemented?
MP-6(a):

‘This control reflects organizational procedures/policies, and is not applicable to the configuration of Red Hat Virtualization Host (RHVH).’

MP-6(b):

‘This control reflects organizational procedures/policies, and is not applicable to the configuration of Red Hat Virtualization Host (RHVH).’




MP-6 (1): Review / Approve / Track / Document / Verify

“The organization reviews, approves, tracks, documents, and verifies media sanitization and disposal actions.”

MP-6 (1) Control Response Information
Implementation Status:
MP-6 (1): What is the solution and how is it implemented?
This control has not been evaluated in the context of Red Hat Virtualization Host.



MP-6 (2): Equipment Testing

“The organization tests sanitization equipment and procedures [Assignment: organization-defined frequency] to verify that the intended sanitization is being achieved.”

MP-6 (2) Control Response Information
Implementation Status:
MP-6 (2): What is the solution and how is it implemented?
This control has not been evaluated in the context of Red Hat Virtualization Host.



MP-6 (3): Nondestructive Techniques

“The organization applies nondestructive sanitization techniques to portable storage devices prior to connecting such devices to the information system under the following circumstances: [Assignment: organization-defined circumstances requiring sanitization of portable storage devices].”

MP-6 (3) Control Response Information
Implementation Status:
MP-6 (3): What is the solution and how is it implemented?
This control has not been evaluated in the context of Red Hat Virtualization Host.



MP-6 (4): Controlled Unclassified Information

“[Withdrawn: Incorporated into MP-6].”

MP-6 (4) Control Response Information
Implementation Status:
MP-6 (4): What is the solution and how is it implemented?
This control has not been evaluated in the context of Red Hat Virtualization Host.



MP-6 (5): Classified Information

“[Withdrawn: Incorporated into MP-6].”

MP-6 (5) Control Response Information
Implementation Status:
MP-6 (5): What is the solution and how is it implemented?
This control has not been evaluated in the context of Red Hat Virtualization Host.



MP-6 (6): Media Destruction

“[Withdrawn: Incorporated into MP-6].”

MP-6 (6) Control Response Information
Implementation Status:
MP-6 (6): What is the solution and how is it implemented?
This control has not been evaluated in the context of Red Hat Virtualization Host.



MP-6 (7): Dual Authorization

“The organization enforces dual authorization for the sanitization of [Assignment: organization-defined information system media].”

MP-6 (7) Control Response Information
Implementation Status: