July 20, 2023

NIST 800-53, Rev. 5 Media Protection (MP) Policy Templates

NIST 800-53 provides guidance on media protection controls, which are crucial for safeguarding and protecting both digital and physical media that contain sensitive information. Media protection controls help prevent unauthorized access, disclosure, alteration, and destruction of information stored on various types of media. Here are key aspects of media protection as addressed in NIST 800-53:

  • Media Protection Policy and Procedures: Organizations should develop and implement a media protection policy that defines the objectives, scope, roles, and responsibilities for managing media protection activities. Procedures should be established to guide personnel on the proper handling, storage, transportation, and disposal of media.
  • Media Access Control: Organizations should establish access control mechanisms to limit access to media and ensure that only authorized individuals can retrieve, use, or modify the information stored on media. This can include physical controls such as locked cabinets or access-controlled areas, as well as logical controls such as passwords, encryption, or biometric authentication.
  • Media Handling and Storage: Proper handling and storage procedures should be implemented to protect media from physical damage, theft, or unauthorized access. This includes secure storage areas, locked cabinets, controlled access to media rooms, and secure containers for portable media. Media should be labeled with appropriate markings to indicate its sensitivity and handling requirements.
  • Media Transport: When media needs to be transported outside of secure areas, organizations should implement procedures to protect it from loss, theft, or damage during transit. This can include secure courier services, encryption of sensitive data during transport, and tracking mechanisms to monitor the movement of media.
  • Media Sanitization and Disposal: When media is no longer needed or reaches the end of its life cycle, proper sanitization and disposal procedures should be followed to prevent unauthorized access to sensitive information. This can involve physical destruction, degaussing, or secure erasure techniques based on the type of media.
  • Media Accountability and Inventory: Organizations should maintain accurate and up-to-date records of media inventory, including the identification, location, and status of all media assets. Regular inventories and audits should be conducted to ensure media accountability and identify any discrepancies or missing media.
  • Media Backup and Recovery: Organizations should establish procedures for backing up and recovering data stored on media. This includes regular and secure backups of critical information, verification of backup integrity, and testing of recovery procedures to ensure data can be restored in the event of a media failure or data loss incident.
  • Media Retention: Organizations should establish retention policies that define the duration for which media should be retained based on legal, regulatory, and business requirements. Retention periods should consider factors such as data sensitivity, data classification, and applicable privacy or data protection regulations.

How to Get Started

Start by downloading our world-class NIST RMF Security and Privacy Policies and Procedures templates at the Arlington Security Portal (ASP), which includes access to our access control policy and procedures template and other additional documents required for the Access Control (AC) family within NIST SP 800-53.

How Arlington Can Help

We have years of experience working within the broader federal agency apparatus in helping federal contractors develop high-quality, well-written policies and procedures and additional NIST RMF information security and privacy materials. Our NIST RMF information security and privacy policies, procedures, programs, and plans have been used by thousands of federal contractors in helping organizations develop customized documentation for their growing security and compliance needs.

About Arlington

We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience in working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security & compliance solutions – and so much more – you can trust Arlington, the firm that’s Dedicated to Defense®. Learn more at arlingtonintel.com.