Media Controls (PS-08-026)

• PS-08-026 Media Controls
• Issue Date: 3/20/2008
• Review Date:08/30/2024

Purpose

Media controls include a variety of measures to provide physical and environmental protection and accountability for removable or mobile media, regardless of its physical form, whether paper or digital, including but not limited to printouts, laptops, PDAs, removable storage devices, etc.  Media controls should be designed to prevent the loss of confidentiality, integrity, or availability of information, including data or software when stored outside the agency’s physical or logical security boundaries of the system and/or facility.

Scope and Authority

• O.C.G.A 50-25-4(a)(10), State Government, Georgia Technology, General Powers
• O.C.G.A 50-25-4(a)(21), State Government, Georgia Technology, General Powers
• PM-04-001, Information Technology Policies, Standards and Guidelines
• PS-08-005, Enterprise Information Security Policy

Terms and Definitions

System Media: any form of data or software stored outside the security boundaries of the system including but not limited to; paper printouts, tapes, diskettes, flash memory drives (i.e. USB, jump, thumb), internal hard drives, laptops, PDAs, CDs, DVDs, etc.

Policy

Agencies shall establish physical and logical controls and procedures that protect system media (paper or digital), from unauthorized access, modification, destruction or loss.  The extent of media controls shall be dependent upon factors including but not limited to; the type of data, the quantity of media, and the nature of the user environment.

Related Enterprise Policies, Standards, and Guidelines

• Media Protection and Handling (SS-08-043)
• Surplus Electronic Media Disposal (SS-08-034)
• Media Sanitization – Vendor Return (SS-08-035)
• Data Security – Electronic Records (SS-08-003)

References

• NIST SP 800-12 An Introduction to Information Security