When transferring data manually between two systems belonging to different security domains, write-once media is used unless the destination system has a mechanism through which read-only access can be ensured.
Topic
Using media for data transfers
Applicable to
all
History
Priority
should not
Apr 2021
When transferring data manually between two systems belonging to different security domains, write-once media is used unless the destination system has a mechanism through which read-only access can be ensured.
Security control 0347 was amended to note that write-once media doesn’t need to be used as long as the destination system has a mechanism through which read-only access can be ensured.
Mar 2021
When transferring data manually between two systems belonging to different security domains, write-once media is used.
2015
Agencies transferring data manually between two systems of different security domains,sensitivities or classifications should not use rewriteable media.
2010
Agencies transferring data manually between two systems of different security domains or classificationsshould not use rewriteable media.
2008
Agencies transferring data manually between two systems should use: a. a previously unused piece of media b. a pool of media items used only for data transfer between the two relevant systems or c. a media item which has been sufficiently sanitised to permit its reuse on the less classified of the systems between which the data transfer is occurring.