The Chief Information Officer should ensure that the Cybersecurity function validates that all required NIST physical and environmental protection and media protection controls are implemented.