Organizational Security Policy

Policy is the First Step in Implementing Cybersecurity

Media Protection

POL.MP.L2-3.8.1

All CLIENT employees and contractors with employee-like access shall protect (i.e., physically control and securely store) system media containing CUI, both paper and digital. CUI assets are to be controlled per procedure: PRO.MP.L2-3.8.1.

POL.MP.L2-3.8.2

CLIENT shall limit access to CUI on system media to authorized users, who shall be assigned based on need-to-know and most restrictive methodologies. System media shall be controlled per procedure: PRO.MP.L2-3.8.2

POL.MP.L2-3.8.3

All media of any kind containing CUI shall be sanitized before disposal or release for reuse. Methods of sanitization shall be consistent with NIST SP800-88r1 or its successor.

For CPE/SPE included media (Backup HDD or USB sticks), please insert the device into an available USB port on the FRONT of the CPE and request that we sanitize it for you via Signal Messenger. We will report back to you when the sanitization is complete.

Write-once media such as CDs etc, must be destroyed as there is no way to sanitize these types of media. Planet Security, Inc. will destroy the media at no additional cost to CLIENT if prepaid, mailed/shipped to:

Planet Security Inc.

5325 S Fort Apache Rd. Suite D2

Las Vegas, NV 89148

Please include a note describing the request with an authorized signature. We will contact CLIENT management via Signal Messenger to verify the request. We will certify the destruction of the media once complete.

POL.MP.L2-3.8.4

The executive management, or designee shall ensure that all media containing CUI is marked indicating the distribution limitations, handling caveats, and applicable security markings (if any) of the information. CUI marking criteria are defined on this site, under the menu item titled the same.

The term "media" includes both digital and non-digital media. Digital media includes, for example, diskettes, magnetic tapes, external/removable hard disk drives, flash drives, compact disks, and digital video disks. Non-digital media includes, for example, paper and microfilm. Security marking shall not be required for media containing information determined to be in the public domain or to be publicly releasable. Marking of information system media reflects applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.

POL.MP.L2-3.8.5

All CLIENT personnel who are responsible for transporting media containing CUI outside of controlled areas shall be accountable for maintaining the confidentiality of such media. In the event of compromise, notification shall be made to the executive management within 24 hours of discovery who will decide if reporting to the DIBNET is required. If additional assistance is needed, reach out to your Planet Security, Inc. engineering support team via Signal Messenger.

POL.MP.L2-3.8.6

CUI shall be FIPS encrypted to protect the confidentiality of CUI stored on digital media during transport unless otherwise protected by alternative physical safeguards.

POL.MP.L2-3.8.7

Only Planet Security, Inc. supplied removable media shall be used with the CPE/SPE. Both the supplied Hard Drive (Backups) and USB "Flash Drive" provide FIPS validated encryption at all times unless in an unlocked state by the CLIENT.

POL.MP.L2-3.8.8

Only Planet Security, Inc. supplied removable media shall be used with the CPE/SPE. Both the supplied Hard Drive (Backups) and USB "Flash Drive" provide FIPS validated encryption at all times unless in an unlocked state by the CLIENT. You will find these drives MARKED by Planet Security, Inc. for the appropriate usage.

POL.MP.L2-3.8.9

Backup drives for use in the CPE/SPE exclusively use FIPS encryption. These devices are the exclusive method of "Backup". All other methods are prohibited.


For questions regarding this Information Security Policy, please reach out to your Planet Security, Inc. Support Engineers using Signal.