Media Controls

Topics: 

PS-08-026 Media Controls

Issue Date:  3/20/2008

Revision Effective Date:  3/20/2008

Review Date: 7/1/2018

 

PURPOSE

Media controls include a variety of measures to provide physical and environmental protection and accountability for removable or mobile media, regardless of its physical form, whether paper or digital, to include but not limited to printouts, laptops, PDAs, removable storage devices, etc.  Media controls should be designed to prevent the loss of confidentiality, integrity, or availability of information, including data or software, when stored outside the agency’s physical or logical security boundaries of the system and/or facility.

POLICY

Agencies shall establish physical and logical controls and procedures that protect system media (paper or digital), from unauthorized access, modification, destruction or loss.  The extent of media controls shall be dependent upon factors including but not limited to; the type of data, the quantity of media, and the nature of the user environment.

 

RELATED ENTERPRISE POLICIES, STANDARDS, GUIDELINES

Media Protection and Handling (SS-08-043)

Surplus Electronic Media Disposal (SS-08-034)

Media Sanitization – Vendor Return (SS-08-035)

Data Security – Electronic Records (SS-08-003)

REFERENCES

NIST SP 800-12 (chapter 14) Introduction to Computer Security NIST Handbook

TERMS and DEFINITIONS

System Media – any form of data or software stored outside the security boundaries of the system including but not limited to; paper printouts, tapes, diskettes, flash memory drives (i.e. USB, jump, thumb), internal hard drives, laptops, PDAs, CDs, DVDs, etc.