Professional Documents
Culture Documents
[Company Name]
Document Owner:
Effective Date:
Updated:
Disclaimer: This sample policy has been provided by Apptega, Inc. as a generic document to support the
development of your compliance program. It is unlikely to be complete for your organization without
customization. This document is not legal advice and Apptega is not a registered CPA firm.
Media Protection Policy
Version 1.0
[Updated Date]
[Company Name]
Media Protection Policy
Effective Date: Document Owner:
Revision History
Revision Rev. Date Description Prepared By Reviewed By Date Approved By Date
1.0
1. Overview.............................................................................................................................................1
2. Purpose................................................................................................................................................2
3. Scope...................................................................................................................................................2
4. Policy...................................................................................................................................................2
4.1............................................................................................................................................................2
4.2............................................................................................................................................................2
4.3............................................................................................................................................................2
4.4............................................................................................................................................................2
4.5............................................................................................................................................................2
4.6............................................................................................................................................................2
4.7............................................................................................................................................................2
4.8............................................................................................................................................................3
4.9............................................................................................................................................................3
5. Audit Controls and Management........................................................................................................3
6. Enforcement........................................................................................................................................3
7. Distribution..........................................................................................................................................3
8. Related Standards, Policies, and Processes.........................................................................................3
9. Related Sub controls............................................................................................................................3
10. Definitions and Terms......................................................................................................................4
1. Overview
Media protection addresses the security measures relating to the protection of
<Company> owned media both digital and non-digital. Media protections should be
CONFIDENTIAL
Media Protection Policy
Version 1.0
[Updated Date]
2. Purpose
This policy provides procedures and protocols supporting an effective management of
configurations for all company devices and systems.
3. Scope
This policy applies to all company officers, directors, employees, agents, affiliates,
contractors, consultants, advisors or service providers. It is the responsibility of all the
above to familiarize themselves with this policy and ensure adequate compliance with
it.
4. Policy
4.1
It is the responsibility of <Company> to physically control and securely store any
paper and/or digital media.
4.2
Access to CUI on system media is to be limited to authorized users.
4.3
Media containing CUI must be sanitized prior to disposal or re-use.
4.4
Media containing CUI is to be marked with applicable CUI markings, and
distribution limitation markings.
4.5
Access to media containing CUI is to be controlled, and accountability for media
during transport outside of controlled areas is to be maintained.
4.6
Cryptographic mechanisms should be implemented to protect the confidentiality
of CUI stored on any digital media during transport. Alternatively physical
safeguards may be used instead.
4.7
<Company> controls the use of removable media on system components.
CONFIDENTIAL
Media Protection Policy
Version 1.0
[Updated Date]
4.8
The use of portable storage devices are prohibited when the device owner cannot be
identified.
4.9
Any media backups containing CUI is to be protected at storage locations under
strict confidentiality.
6. Enforcement
Staff members found in policy violation may be subject to disciplinary action, up to and
including termination.
7. Distribution
This policy is to be distributed to all staff.
CONFIDENTIAL
Media Protection Policy
Version 1.0
[Updated Date]
CONFIDENTIAL