What is the intent of classifying media that contains cardholder data?

 Purpose of Classifying Media

PCI DSS v4.0 emphasizes the need to classify media based on the sensitivity of the data it contains. Media classification ensures appropriate handling, storage, and destruction processes​​.

 Media Protection Requirements

Media containing cardholder data must be securely stored, transferred, and destroyed when no longer needed.

Classification informs the level of protection required, such as encryption, physical security, or controlled access​​.

 Incorrect Options

Option B: Moving media quarterly is not a requirement.

Option C: Labeling as "Confidential" is insufficient without a comprehensive protection strategy.

Option D: Destruction schedules should depend on retention requirements and data sensitivity, not a universal timeline.