FBI CJIS Security Policy Media Protection Requirements
The FBI CJIS Security Policy includes specific requirements for the protection of media containing Criminal Justice Information (CJI). Media protection aims to safeguard physical storage devices, such as hard drives, tapes, DVDs, USB drives, and other portable media, that store or transport CJI. Here are some key media protection requirements outlined in the CJIS Security Policy:
Media Access Control
Limit physical access to media storage areas, ensuring that only authorized personnel can enter.Implement security measures (e.g., locks, access controls) to prevent unauthorized access to media storage locations.
Media Handling
Label and inventory all media to maintain accountability and facilitate tracking. Implement procedures for the secure handling, transportation, and storage of media, including during off-site or third-party transfers. Protect media during transit by using tamper-evident seals or other appropriate safeguards.
Media Storage
Store media in secure, controlled environments that protect against theft, unauthorized access, and environmental hazards (e.g., fire, water damage). Implement physical security controls, such as secure storage cabinets, locked rooms, or restricted access areas. Ensure that storage facilities are equipped with appropriate environmental controls, including temperature and humidity monitoring.
Media Disposal
Develop and follow procedures for the proper disposal of media at the end of its lifecycle or when it is no longer needed. Use secure methods to erase or destroy media, such as cryptographic erasure, physical destruction (e.g., shredding), or degaussing for magnetic media. Document the disposal process, including the date, method, and verification of media destruction.
Media Backup and Restoration
Establish procedures for secure and regular backup of CJI-containing media to protect against data loss. Test backup restoration procedures periodically to ensure data integrity and the ability to recover data when needed.
Media Retention
Define retention periods for CJI-containing media based on applicable legal, regulatory, and organizational requirements. Implement controls to prevent unauthorized alteration, deletion, or modification of stored media during its retention period.
Media Transfer
Encrypt media during transit or shipment to protect against unauthorized access or interception. Use secure and trusted courier services or established secure transportation protocols when transferring media externally.
Media Accountability and Auditing
Maintain accurate and up-to-date records of media inventory, including tracking media movements, transfers, and disposal. Conduct periodic audits to verify the physical security of media storage areas, including inspections of media inventory and access controls.
Adhering to these media protection requirements helps ensure the confidentiality, integrity, and availability of Criminal Justice Information stored on physical media. Compliance with these guidelines is essential for entities accessing and handling CJI to maintain the security and trustworthiness of sensitive law enforcement data.
We Provide a Full Life Cycle of Solutions for FBI CJIS Policy Compliance
- Gap Assessments
- Policies and Procedures Writing
- Independent CJIS Security Assessments
- CJIS Specific Continuous Monitoring Programs
- Years of FBI CJIS Expertise all throughout North America
- Customized Documentation for Policies and Procedures, and more
- Industry Leading FBI CJIS Testing and Reporting Matrix Template