Physically secure printed records.


CONTROL ID: 11778
CONTROL TYPE: Physical and Environmental Protection
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Records management, CC ID: 00902

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Protection of information confidentiality should be in place regardless of the media (including paper and electronic media) in which the information is maintained. AIs should ensure that all media are adequately protected, and establish secure processes for disposal and destruction of sensitive info… (3.1.3, Hong Kong Monetary Authority: TM-G-1: General Principles for Technology Risk Management, V.1 – 24.06.03)
  • It is necessary to store important printed forms in designated places. The forms used in the event of failure or disaster are preferably stored in a proper cabinet with a lock and key in a fire preventive section. If no fire preventive section is available, store data files in a fireproof safe or fi… (P68.3., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • The entity has implemented policies and procedures that restrict physical access to the entity's data centers, office spaces, documents, work areas and facilities based on an individual's needs for access, prior authorizations from a facility or system owner, and after the identity of each individua… (S7.2 Managing physical access, Privacy Management Framework, Updated March 1, 2020)
  • Are all media physically secured (including but not limited to computers, removable electronic media, paper receipts, paper reports, and faxes)? (§ 9.5, Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance; Card-not-present Merchants, All Cardholder Data Functions Fully Outsourced, Version 3.1)
  • Are all media physically secured (including but not limited to computers, removable electronic media, paper receipts, paper reports, and faxes)? (9.5, Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance; Card-not-present Merchants, All Cardholder Data Functions Fully Outsourced, Version 3.2)
  • Are all media physically secured (including but not limited to computers, removable electronic media, paper receipts, paper reports, and faxes)? (9.5, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire A-EP and Attestation of Compliance, Version 3.1)
  • Are all media physically secured (including but not limited to computers, removable electronic media, paper receipts, paper reports, and faxes)? (9.5, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire A-EP and Attestation of Compliance, Version 3.2)
  • Are all media physically secured (including but not limited to computers, removable electronic media, paper receipts, paper reports, and faxes)? (9.5, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire B and Attestation of Compliance, Version 3.2)
  • Are all media physically secured (including but not limited to computers, removable electronic media, paper receipts, paper reports, and faxes)? (9.5, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire B-IP and Attestation of Compliance, Version 3.1)
  • Are all media physically secured (including but not limited to computers, removable electronic media, paper receipts, paper reports, and faxes)? (9.5, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire B-IP and Attestation of Compliance, Version 3.2)
  • Are all media physically secured (including but not limited to computers, removable electronic media, paper receipts, paper reports, and faxes)? (9.5, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire C and Attestation of Compliance, Version 3.1)
  • Are all media physically secured (including but not limited to computers, removable electronic media, paper receipts, paper reports, and faxes)? (9.5, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire C and Attestation of Compliance, Version 3.2)
  • Are all media physically secured (including but not limited to computers, removable electronic media, paper receipts, paper reports, and faxes)? (9.5, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire C-VT and Attestation of Compliance, Version 3.1)
  • Are all media physically secured (including but not limited to computers, removable electronic media, paper receipts, paper reports, and faxes)? (9.5, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire C-VT and Attestation of Compliance, Version 3.2)
  • Are all media physically secured (including but not limited to computers, removable electronic media, paper receipts, paper reports, and faxes)? (9.5, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.1)
  • Are all media physically secured (including but not limited to computers, removable electronic media, paper receipts, paper reports, and faxes)? (9.5, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.2)
  • Are all media physically secured (including but not limited to computers, removable electronic media, paper receipts, paper reports, and faxes)? (9.5, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.1)
  • Are all media physically secured (including but not limited to computers, removable electronic media, paper receipts, paper reports, and faxes)? (9.5, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.2)
  • Are all media physically secured (including but not limited to computers, removable electronic media, paper receipts, paper reports, and faxes)? (9.5, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire P2PE and Attestation of Compliance, Version 3.1)
  • Are all media physically secured (including but not limited to computers, removable electronic media, paper receipts, paper reports, and faxes)? (9.5, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire P2PE and Attestation of Compliance, Version 3.2)
  • The controls and security measures in this document also apply to CJI in physical (printed documents, printed imagery, etc.) form. Physical media shall be protected at the same level as the information would be protected in electronic form. (§ 5.8.2.2 ¶ 1, Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.8, Version 5.8)
  • Media assets include removable media and devices such as floppy disks, CDs, DVDs and USB memory sticks, as well as printed reports and documents. Physical security controls should address specific requirements for the safe and secure maintenance of these assets and provide specific guidance for tran… (§ 6.2.10 ICS-specific Recommendations and Guidance ¶ 1, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Reasonable restrictions on physical access to personal information in paper format and storage of such data in locked facilities, storage areas or containers; (§ 38a-999b(b)(2)(I), Connecticut General Statutes Title 38a, Chapter 705, Section 38a - 999b, Comprehensive information security program to safeguard personal information. Certification. Notice requirements for actual or suspected breach. Penalty.)