Media Protection Policy and Procedures
Media Protection Policy for 18F
Agency Media Protection Policy. Media Protection Policy is included in CIO P 2100.1 - GSA IT Security Policy, Chapter 4. Policy on Operational Controls. It states, "All GSA data from information system media, both digital and non-digital must be sanitized in accordance with methods described in IT Security Procedural Guide: Media Protection Guide, OCIO-IT Security-06-32, before disposal or transfer outside of GSA. GSA OCISO ISP also defined agency-wide media protection procedures in IT Security Procedural Guide: Media Protection Guide (CIO-IT Security-06-32) 18F follows the GSA Media Protection policy for its information systems hosted within GSA facilities. The Cloud.Gov information system is hosted with the AWS GovCloud and will be in purview of the hosting site’s Media Protection policy and procedures.
The GSA Office of the CISO is responsible for reviewing and updating the above documents annually, and notifying System Program Managers and Information System Security Officers and Managers (ISSO/Ms). The GSA OCISO has determined MP-1 to be an Enterprise-Wide Common Control and is provided by the OCISO ISP. For specific details, please refer to the GSA IT FY-15 Information Security Program Plan Version 1.0.