scope:

Removable media consists of portable devices that copy, save, store and/or move data from one system to another. All FAA employees and contractors who are connecting portable external memory devices (i.e., Universal Serial Bus (USB)) to the organizational network must ensure that all security processes normally used in the system and data management on conventional storage infrastructure are also applied here. This removable media security policy applies to, but is not limited to, all removable devices which would allow the transfer of FAA data either externally or internally such as:

a. Any hardware that provides connectivity to USB devices through means such as wireless (WiFi, WiMAX, MiFi, irDA, Bluetooth, among others) or wired network access

b. Removable memory based media (e.g., USB memory devices/readers, removable hard drives, flash drives, thumb drives, jump drives, key drives, rewritable DVDs, CDs, and floppy disks)

c. Memory cards (e.g., SD, CompactFlash, miniSD, microSD, and xD cards) which can be used to support a data storage function on digital cameras, PDAs and smart phones, MP3 and MPEG devices

Purpose of This Order. This Order establishes the security policy for removable media to protect the confidentiality, integrity and availability of the Federal Aviation Administration's (FAA) information and information systems. This Order establishes the principles and working practices to be adopted by all users in order for data to be securely stored, transported and transferred on removable media. This Order does not address the budget impact to the Lines of Businesses and Staff Offices (LOBs/SOs) to implement this policy.