Media Controls (PS-08-026)
PS-08-026 Media Controls
Issue Date: 3/20/2008
Revision Effective Date: 3/20/2008
Review Date: 12/1/2020
Media controls include a variety of measures to provide physical and environmental protection and accountability for removable or mobile media, regardless of its physical form, whether paper or digital, to include but not limited to printouts, laptops, PDAs, removable storage devices, etc. Media controls should be designed to prevent the loss of confidentiality, integrity, or availability of information, including data or software, when stored outside the agency’s physical or logical security boundaries of the system and/or facility.
Agencies shall establish physical and logical controls and procedures that protect system media (paper or digital), from unauthorized access, modification, destruction or loss. The extent of media controls shall be dependent upon factors including but not limited to; the type of data, the quantity of media, and the nature of the user environment.
RELATED ENTERPRISE POLICIES, STANDARDS, GUIDELINES
NIST SP 800-12 Introduction to Computer Security NIST Handbook (Media Protection)
TERMS and DEFINITIONS
System Media – any form of data or software stored outside the security boundaries of the system including but not limited to; paper printouts, tapes, diskettes, flash memory drives (i.e. USB, jump, thumb), internal hard drives, laptops, PDAs, CDs, DVDs, etc.