Media Access Control

Limit physical access to media storage areas, ensuring that only authorized personnel can enter.Implement security measures (e.g., locks, access controls) to prevent unauthorized access to media storage locations.

Media Handling

Label and inventory all media to maintain accountability and facilitate tracking. Implement procedures for the secure handling, transportation, and storage of media, including during off-site or third-party transfers. Protect media during transit by using tamper-evident seals or other appropriate safeguards.

Media Storage

Store media in secure, controlled environments that protect against theft, unauthorized access, and environmental hazards (e.g., fire, water damage). Implement physical security controls, such as secure storage cabinets, locked rooms, or restricted access areas. Ensure that storage facilities are equipped with appropriate environmental controls, including temperature and humidity monitoring.

Media Disposal

Develop and follow procedures for the proper disposal of media at the end of its lifecycle or when it is no longer needed. Use secure methods to erase or destroy media, such as cryptographic erasure, physical destruction (e.g., shredding), or degaussing for magnetic media. Document the disposal process, including the date, method, and verification of media destruction.

Media Backup and Restoration

Establish procedures for secure and regular backup of CJI-containing media to protect against data loss. Test backup restoration procedures periodically to ensure data integrity and the ability to recover data when needed.

Media Retention

Define retention periods for CJI-containing media based on applicable legal, regulatory, and organizational requirements. Implement controls to prevent unauthorized alteration, deletion, or modification of stored media during its retention period.

Media Transfer

Encrypt media during transit or shipment to protect against unauthorized access or interception. Use secure and trusted courier services or established secure transportation protocols when transferring media externally.

Media Accountability and Auditing

Maintain accurate and up-to-date records of media inventory, including tracking media movements, transfers, and disposal. Conduct periodic audits to verify the physical security of media storage areas, including inspections of media inventory and access controls.

Adhering to these media protection requirements helps ensure the confidentiality, integrity, and availability of Criminal Justice Information stored on physical media. Compliance with these guidelines is essential for entities accessing and handling CJI to maintain the security and trustworthiness of sensitive law enforcement data.

We Provide a Full Life Cycle of Solutions for FBI CJIS Policy Compliance

• Gap Assessments
• Policies and Procedures Writing
• Independent CJIS Security Assessments
• CJIS Specific Continuous Monitoring Programs