Media is used with systems in a controlled and accountable manner.

]]> This section covers information on using media with systems. Further information on using media to transfer data between systems can be found in Section 20.1 - Data Transfers.

]]> Relevant PSR requirements can be found at:

Reference Title Source

PSR Mandatory Requirements

GOV3, INFOSEC1, INFOSEC2, INFOSEC3, INFOSEC4, PHYSEC1 and PHYSEC2

Home | Protective Security Requirements

Security governance (GOV) | Protective Security Requirements

Information security (INFOSEC) | Protective Security Requirements   

Physical security (PHYSEC) | Protective Security Requirements
]]> To prevent classified data spills agencies will need to prevent classified media from being connected to, or used with, systems of a lesser classification than the protective marking of the media.

]]> Where media is used for backup purposes, the media will be certified for use at the highest level of classification to be backed-up. Refer also to Section 6.4 – Business Continuity and Disaster Recovery.

]]> Agencies MUST NOT use media containing classified information with a system that has a classification lower than the classification of the media.

]]> The security requirements for storage and physical transfer of classified information and IT equipment are specified in the PSR Policy Framework - Physical Security.

]]> Agencies MUST ensure that storage facilities for media containing classified information meets the minimum physical security storage requirements as specified in the PSR Policy Framework - Physical Security.

]]> Some operating systems provide functionality to automatically execute or read certain types of programs that reside on optical media and flash memory media when connected. While this functionality was designed with a legitimate purpose in mind, such as automatically loading a graphical user interface for the system user to browse the contents of the media, or to install software residing on the media, it can also be used for malicious purposes.

]]> An attacker can create a file on optical media or a connectable device that the operating system will attempt to automatically execute.  When the operating system executes the file, it can have the same effect as when a system user explicitly executes malicious code.  The operating system executes the file without asking the system user for permission.

]]> Some operating systems will cache information on media to improve performance. As such, inserting media of a higher classification into a system of a lower classification could cause data to be read and saved from the device without user intervention.

]]> Using device access control software will prevent unauthorised media from being attached to a system. Using an allow listing approach gives security personnel greater control over what can, and what cannot, be connected to the system.

]]> Agencies MUST disable any automatic execution features within operating systems for connectable devices and media.

]]> Agencies MUST prevent unauthorised media from connecting to a system via the use of:

  • device access control software;
  • seals;
  • physical means; or 
  • other methods approved by the Accreditation Authority.
]]> When writable media is connected to a writable communications port or device, agencies SHOULD implement controls to prevent the unintended writing of data to the media.

]]> Known vulnerabilities have been demonstrated where attackers can connect a FireWire capable device to a locked workstation and modify information in RAM to gain access to encryption keys. Furthermore, as FireWire provides direct access to the system memory, an attacker can read or write directly to memory.

]]> The best defence against this vulnerability is to disable access to FireWire ports using either software controls or physically disabling the FireWire ports so that devices cannot be connected. Alternatively select equipment without FireWire capability.

]]> Agencies MUST disable IEEE 1394 interfaces.

]]> Agencies SHOULD disable IEEE 1394 interfaces.

]]> As media is often transferred through areas not certified to process the level of classified information on the media, additional protection mechanisms need to be implemented.

]]> Applying encryption to media may reduce the requirements for storage and physical transfer as outlined in the PSR. The reduction of any requirements is based on the original classification of information residing on the media and the level of assurance in the cryptographic product being used to encrypt the media.

]]> Further information on reducing storage and physical transfer requirements can be found in Section 17.1 - Cryptographic Fundamentals.

]]> Agencies MUST ensure that processes for transferring media containing classified information meets the minimum physical transfer requirements as specified in the PSR.

]]> Agencies SHOULD encrypt data stored on media with at least an Approved Cryptographic Algorithm (See Section 17.2 – Approved Cryptographic Algorithms) if it is to be transferred to another area or location.

]]> Agencies transferring data between systems of different security domains or classifications are strongly encouraged to use media such as write-once CDs and DVDs. This will limit opportunity for information from the higher classified systems to be accidently transferred to lower classified systems. This procedure will also make each transfer a single, auditable event.

]]> Data transfers between systems of different classification SHOULD be logged in an auditable log or register.

]]> Agencies transferring data manually between two systems of different security domains or classifications SHOULD NOT use rewriteable media.

]]> Certain types of media including USB, FireWire and eSATA capable devices MUST be disabled or explicitly approved as an exception by the Accreditation Authority for a TOP SECRET environment (the GCSB). This provides an additional level of system user awareness and security.

]]> This practice should be used in addition to device access control software on workstations in case system users are unaware of, or choose to ignore, security requirements for media.

]]> Agencies MUST NOT permit any media that uses external interface connections within a TOP SECRET area without prior written approval from the Accreditation Authority.

]]>