Red Hat Virtualization Manager - Media Protection

Control responses for NIST 800-53 rev4.


Requirements Traceability Matrix

Control Name Status
MP-1 Media Protection Policy And Procedures

not applicable

MP-2 Media Access

not applicable

MP-2 (1) Automated Restricted Access
MP-2 (2) Cryptographic Protection
MP-3 Media Marking
MP-4 Media Storage
MP-4 (1) Cryptographic Protection
MP-4 (2) Automated Restricted Access
MP-5 Media Transport
MP-5 (1) Protection Outside Of Controlled Areas
MP-5 (2) Documentation Of Activities
MP-5 (3) Custodians
MP-5 (4) Cryptographic Protection
MP-6 Media Sanitization

not applicable

MP-6 (1) Review / Approve / Track / Document / Verify
MP-6 (2) Equipment Testing
MP-6 (3) Nondestructive Techniques
MP-6 (4) Controlled Unclassified Information
MP-6 (5) Classified Information
MP-6 (6) Media Destruction
MP-6 (7) Dual Authorization
MP-6 (8) Remote Purging / Wiping Of Information
MP-7 Media Use

not applicable

MP-7 (1) Prohibit Use Without Owner
MP-7 (2) Prohibit Use Of Sanitization-Resistant Media
MP-8 Media Downgrading
MP-8 (1) Documentation Of Process
MP-8 (2) Equipment Testing
MP-8 (3) Controlled Unclassified Information
MP-8 (4) Classified Information



MP-1: Media Protection Policy And Procedures

The organization: a. Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]: 1. A media protection policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and 2. Procedures to facilitate the implementation of the media protection policy and associated media protection controls; and b. Reviews and updates the current: 1. Media protection policy [Assignment: organization-defined frequency]; and 2. Media protection procedures [Assignment: organization-defined frequency].

MP-1 Control Response Information
Implementation Status:

not applicable

MP-1: What is the solution and how is it implemented?



MP-2: Media Access

“The organization restricts access to [Assignment: organization-defined types of digital and/or non-digital media] to [Assignment: organization-defined personnel or roles].”

MP-2 Control Response Information
Implementation Status:

not applicable

MP-2: What is the solution and how is it implemented?



MP-2 (1): Automated Restricted Access

“[Withdrawn: Incorporated into MP-4 (2)].”

MP-2 (1) Control Response Information
Implementation Status:
MP-2 (1): What is the solution and how is it implemented?
This control has not been evaluated in the context of Red Hat Virtualization Manager.



MP-2 (2): Cryptographic Protection

“[Withdrawn: Incorporated into SC-28 (1)].”

MP-2 (2) Control Response Information
Implementation Status: