home || catalog: SP800-53rev3 / class: Operational / family: (MP) Media Protection ||
search controls:
search nistpubs:

AC
AT
AU
CA
CM
CP
IA
IR
MA
MP

MP-01
MP-02
MP-03 *
MP-04
MP-05
MP-06

PE
PL
PM
PS
RA
SA
SC
SI
MMMMM

  MP-03: Media Marking  

base control objective:
The organization:
a. Marks, in accordance with organizational policies and procedures, removable information system media and information system output indicating the distribution limitations, handling caveats and applicable security markings (if any) of the information; and
b. Exempts [Assignment: organization-defined list of removable media types] from marking as long as the exempted items remain within [Assignment: organization-defined controlled areas].

supplemental objective information:
The term marking is used when referring to the application or use of human-readable security attributes. The term labeling is used when referring to the application or use of security attributes with regard to internal data structures within the information system (see AC-16, Security Attributes). Removable information system media includes both digital media (e.g., diskettes, magnetic tapes, external/removable hard drives, flash/thumb drives, compact disks, digital video disks) and non-digital media (e.g., paper, microfilm). An organizational assessment of risk guides the selection of media requiring marking. Marking is generally not required for media containing information determined by the organization to be in the public domain or to be publicly releasable. Some organizations, however, may require markings for public information indicating that the information is publicly releasable. Organizations may extend the scope of this control to include information system output devices containing organizational information, including, for example, monitors and printers. Marking of removable media and information system output is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.

enhancements to the base objective:

(1) None.

mapping to FIPS199 baseline:

  LOW: null     MOD: null     HIGH: base  

related (regimented) controls:

None.

documents referenced in SP800-53rev3 for MP-03:

Document Date Status Title
FIPS 199 February, 2004 current   Standards for Security Categorization of Federal Information and Information Systems

Search SP800-53rev3 catalog: