Policy 7230A - Department of Administration
Policy 7230A - Department of Administration
Policy 7230A - Department of Administration
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
5.3. Data/Media Protection<br />
The following are the Non-Mandatory Procedures that support the Data/Media<br />
Protection section <strong>of</strong> the Default Security Requirements:<br />
5.3.1. Securely Handle Data and Media<br />
Agencies should protect data while it is in system, both in storage and use, as<br />
well as out <strong>of</strong> system in media, in both storage and transit:<br />
5.3.1.1 Configure Transmissions for Confidentiality and Integrity<br />
Ensure both the integrity and confidentiality <strong>of</strong> electronic data<br />
transmissions through the use <strong>of</strong> cryptography. Cryptographic<br />
solutions must meet established standards.<br />
5.3.1.2 Validate Data Inputs<br />
Integrity <strong>of</strong> data stored by the information system is to be ensured<br />
through the use <strong>of</strong> controls on data input:<br />
• Configure systems to restrict and manage data input.<br />
5.3.1.3 Restrict Access to Media<br />
Media, in all forms, is on <strong>of</strong>fline storage mechanism for data and, as<br />
such, must be protected in a manner equivalent to the data that it<br />
stores:<br />
• Where possible, protect media output devices from<br />
inappropriate access by placing them in secure locations:<br />
• Control access to media output devices placed in secure<br />
locations by requiring identified and authenticated access to<br />
those locations.<br />
• Where media output devices cannot be placed in secure<br />
locations, configure those devices to output media only when<br />
attended.<br />
• Disable local media output devices that cannot be configured<br />
to only output media when attended.<br />
5.3.1.4 Ensure Media is Securely Stored<br />
Protect any outputted media from inappropriate access by storing it<br />
securely at all times:<br />
• Place all media in locked cabinets and place those cabinets in<br />
controlled access locations.<br />
• Maintain a media access log.<br />
5.3.1.5 Ensure Media is Securely Transported<br />
Protect during transportation data that has been output to media by<br />
tracking and controlling access to that media at all times:<br />
• Before allowing media to be transported, verify that a copy <strong>of</strong><br />
the data stored on the media exists elsewhere.<br />
16