Digital Media Protection OLD

NIST defines media as Physical devices or writing surfaces including, but not limited to, magnetic tapes, optical disks, magnetic disks, Large-Scale Integration (LSI) memory chips, and printouts (but not including display media) onto which information is recorded, stored, or printed within a system.

The diagram below details the specifics of options for Digital Media:

Media Protection Guidance

Note: All solutions for Physical Control Options require users listed on the SSP to match those with access to systems in-scope.

Presented in another way, this matrix provides a little more insight on the expectation:

Media Protection Guidance - MatrixMedia Protection Guidance - Matrix Key

* Encryption on desktop will cause additional support overhead on desktop systems for which it is installed due to a lower probability for portability.
** Encryption and physical controls offer equivalent protection on their own, and you need only choose one to be compliant.