PS-7 – Media Inspection

What is this control about?

Implementing the ‘Media Inspection’ control is crucial for maintaining information security and protecting sensitive data within an organization. This control focuses on conducting thorough inspections/analysis of all hardware media devices, such as USB drives, external hard drives, optical discs, and other portable storage media, to ensure they do not contain malicious content, unauthorized data, or potential security threats.

Available tools in the marketplace

Tools

MalwareBytes Informatica Precisely

Available templates

 

TrustCloud has a curated list of templates internally or externally sourced to help you get started. Click on the link for a downloadable version:

• Hardware Media Inspection Policy Template

Control implementation

In general, for this control, you need regular scanning of hardware media though the use of tools and well-trained personnel to respond effectively in the event of a threat. Specifically, you can consider the following: 

• Policy Development: Start by developing a comprehensive “Media Protection Policy” that outlines the rules, procedures, and guidelines for inspecting all media devices entering or leaving the organization’s premises. The policy should cover the purpose of the inspection, the frequency of inspections, and the responsibilities of personnel involved.
• Authorized Media Device List: Create an authorized media device list that specifies the types of media devices permitted within the organization. This list should include approved brands and models of USB drives, external hard drives, optical discs, and other portable media.
• Inspection Procedure: Develop a detailed procedure for media inspection that clearly outlines the steps to be followed during the inspection process. This should include physical inspection, malware scanning, and data verification procedures.
• Configure malware and or data verification tools: invest in reputable malware scanning software capable of detecting and removing malicious content from media devices. Acquire data verification tools that can confirm the integrity of data on media devices. This helps ensure that data has not been altered or corrupted during transit.
• Inspection Training for Personnel: Provide thorough training to personnel responsible for conducting media inspections. Training should cover inspection procedures, the use of inspection tools, and how to handle different types of media devices. Retain  detailed logs and documentation of all media inspections performed. These records should include information about the date, time, personnel involved, and the results of each inspection.
• Incident Handling and Reporting: Develop an incident handling and reporting process in case suspicious or unauthorized content is found during inspections. Outline the steps to be taken and the responsible parties to address any potential security incidents.
• Continuous Monitoring and Improvement: Implement continuous monitoring and periodic reviews of the media inspection process. Use the insights gained from monitoring to improve the effectiveness and efficiency of the control.

What evidence do auditors look for?

Most auditors, at a minimum, are looking for the below-suggested action.

1. A documented Hardware media inspection policy
2. Hardware Media scanning configuration
3. Hardware Media scanning report example

Evidence example

For the suggested action, an example is provided below:

• A documented Hardware media inspection policy

Use the Hardware Media Inspection Policy Template

• Hardware Media scanning configuration.

Screenshot source:

• Hardware Media scanning report example

Screenshot source: