
Thread: policy question

  1. Surf Guitar Guy tedjames
    Join Date
    Jan 2014
    Location
    Surf City, TX
    Posts
    508

    Certifications
    SSCP, Security+ +4
    #1

    policy question

    Based on the NIST 800-53 controls catalog, where would you place a clean desk policy? MP - Media Protection, perhaps?

  3. Surf Guitar Guy tedjames
    Join Date
    Jan 2014
    Location
    Surf City, TX
    Posts
    508

    Certifications
    SSCP, Security+ +4
    #2
    Sorry, should have put this in Off Topic.

  4. Senior Member
    Join Date
    Feb 2012
    Posts
    2,426
    #3
    I've always treated it as a Physical and Environmental control.

  5. Surf Guitar Guy tedjames
    Join Date
    Jan 2014
    Location
    Surf City, TX
    Posts
    508

    Certifications
    SSCP, Security+ +4
    #4
    Good point. This appears to be one of those grey areas that could apply in several places.

  6. Senior Member
    Join Date
    Feb 2015
    Location
    The Interwebs
    Posts
    156

    Certifications
    PMP, CISSP, CISA
    #5
    There isn't a requirement for a clean desk policy.

    MP-1: requires policies/procedures related to applicable media protection, storage, destruction, etc.

    MP-4: the physical control/protection of system information

    It could also be related to rules of behavior (PL-4) or access agreements (PS-6).

  7. Surf Guitar Guy tedjames
    Join Date
    Jan 2014
    Location
    Surf City, TX
    Posts
    508

    Certifications
    SSCP, Security+ +4
    #6
    Thanks. There may not be a NIST requirement, but my CISO (and likely his boss) wants it. Like I said, it appears to be related to several existing policies.
