Home
Certification Preparation
General Certification
policy question
tedjames
Based on the NIST 800-53
controls catalog
, where would you place a clean desk policy? MP - Media Protection, perhaps?
Find more posts tagged with
Comments
tedjames
Sorry, should have put this in Off Topic.
paul78
I've always treated it as a Physical and Environmental control.
tedjames
Good point. This appears to be one of those grey areas that could apply in several places.
soccarplayer29
There isn't a requirement for a clean desk policy.
MP-1: requires policies/procedures related to applicable media protection, storage, destruction, etc.
MP-4: the physical control/protection of system information
It could also be related to rules of behavior (PL-4) or access agreements (PS-6).
tedjames
Thanks. There may not be a NIST requirement, but my CISO (and likely his boss) wants it. Like I said, it appears to be related to several existing policies.
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of