Media Controls (PS-08-026)
Topics:
PS-08-026 Media Controls
Issue Date: 3/20/2008
Review Date: 12/1/2023
PURPOSE
Media controls include a variety of measures to provide physical and environmental protection and accountability for removable or mobile media, regardless of its physical form, whether paper or digital, including but not limited to printouts, laptops, PDAs, removable storage devices, etc. Media controls should be designed to prevent the loss of confidentiality, integrity, or availability of information, including data or software when stored outside the agency’s physical or logical security boundaries of the system and/or facility.
SCOPE and AUTHORITY
O.C.G.A 50-25-4(a)(10) – State Government, Georgia Technology, General Powers
O.C.G.A 50-25-4(a)(21) - State Government, Georgia Technology, General Powers
PM-04-001 – Information Technology Policies, Standards and Guidelines
PS-08-005 – Enterprise Information Security Charter
TERMS AND DEFINITIONS
System Media – any form of data or software stored outside the security boundaries of the system including but not limited to; paper printouts, tapes, diskettes, flash memory drives (i.e. USB, jump, thumb), internal hard drives, laptops, PDAs, CDs, DVDs, etc.
POLICY
Agencies shall establish physical and logical controls and procedures that protect system media (paper or digital), from unauthorized access, modification, destruction or loss. The extent of media controls shall be dependent upon factors including but not limited to; the type of data, the quantity of media, and the nature of the user environment.
RELATED ENTERPRISE POLICIES, STANDARDS, GUIDELINES
Media Protection and Handling (SS-08-043)
Surplus Electronic Media Disposal (SS-08-034)
Media Sanitization – Vendor Return (SS-08-035)
Data Security – Electronic Records (SS-08-003)
REFERENCES
NIST SP 800-12 (chapter 14) Introduction to Computer Security NIST Handbook