MPAA Site Security Program CONTENT SECURITY BEST PRACTICES SCREENER DIGITAL TRANSFER SERVICES Version 1.0 December 31, 2011
DOCUMENT HISTORY Version Date Description Author 1.0 December 31, 2011 Initial Public Release PwC LLP MPAA MPAA Member Companies
TABLE OF CONTENTS I. Best Practices Overview 2 II. Overview 3 III. s Best Practice Guidelines 4 Appendix A Glossary 7 Page 1
I. BEST PRACTICES OVERVIEW Introduction For more than three decades, the Motion Picture Association of America, Inc. (MPAA) has managed site security inspections on behalf of its Member Companies (Members): Walt Disney Studios Motion Pictures; Paramount Pictures Corporation; Sony Pictures Entertainment Inc.; Twentieth Century Fox Film Corporation; Universal City Studios LLC; and Warner Bros. Entertainment Inc. The MPAA is committed to protecting the rights of those who create entertainment content for audiences around the world. From creative arts to the software industry, more and more people make their living based on the power of their ideas. This means there is a growing stake in protecting intellectual property rights and recognizing that these safeguards are a cornerstone of a healthy global information economy. Decisions regarding the use of vendors by any particular Member are made by each Member solely on a unilateral basis. Best practices outlined in this document are subject to local, state, regional, federal and country laws or regulations. Best practices outlined in this document, as well as the industry standards and supplementary documents, are subject to change periodically. Compliance with best practices is strictly voluntary. This is not an accreditation program. Questions or Comments If you have any questions or comments about the best practices, please email: mpaasitesecurity@mpaa.org Purpose and Applicability The purpose of this document is to promote security best practices related to the creation and handling of motion picture screeners. A screener is broadly defined as a copy of a motion picture provided to industry professionals. There are different types of screeners (e.g., awards or promotional), different recipients (e.g., censorship boards or media outlets) and numerous entities involved (e.g., guilds or studios). This document seeks to set general security expectations for entities that provide digital transfer services for any type of screener. Page 2
II. SCREENER OVERVIEW Types of s A screener is a copy of a motion picture (i.e., film, television show or related media) provided to awards voters, producers, distributors, critics, censorship boards and other industry professionals. The table below summarizes the five screener types: Risks Since screeners are distributed prior to the intended release window, there is a heightened risk of content theft. The table below outlines typical risks for the various types of screeners. Type of Promotional Awards Censorship Sales Hospitality Type of Pre- Theatrical Description Content that is physically or digitally distributed to critics and other media outlets Content that is physically or digitally distributed to awards voters Content that is physically or digitally distributed to censorship boards Content that is physically or digitally distributed to distributors and retailers Content that is physically or digitally distributed to airlines, hotels and other entities (e.g., military installations) in the nontheatrical window Theatrical Non- Theatrical Pre-Home Video Promotional X X X Awards X X X X Censorship X X X Sales X X X Hospitality X X X Type of Typical Risks Promotional Awards Censorship Sales Distribution of highly sensitive pre-theatrical and pre-home entertainment content that could be intercepted and leaked Responding to late screener requests leads to the use of non-standard delivery methods and chain of custody tracking Large volume (over 500,000) of screeners distributed every season increases the likelihood of a screener loss Restrictions against visible watermarking Improper handling of screeners by couriers, agencies, and recipients Inaccurate or dated address distribution lists, and informal guild member identification and verification processes Multiple copies of the same title sent to a single recipient Regulations in foreign countries often restrict against visible watermarking Improper handling of screeners by couriers and recipients Large volume of screeners distributed Improper handling of screeners by couriers and recipients Page 3
MPAA Site Security Program August 1, 2011 III. SCREENERS BEST PRACTICE GUIDELINES No. Best Practice Digital Transfer Services Implementation Guidance SCR-3.0 SCR-3.1 SCR-3.2 SCR-3.3 SCR-3.4 Enforce the use of unique usernames and passwords for recipients to access the digital screeners portal/application Enforce a strong password policy for gaining access to the digital screeners portal/application Require the content owner to approve each new user that has registered for a digital screeners account before access is granted Require two-factor authentication for new user registration and logon to the digital screeners portal/application Display anti-piracy warnings upon user registration and on the default screen of the digital screeners portal/application Establish policies to enforce the use of unique usernames and passwords Require authentication to access screener content, using unique usernames and passwords at a minimum Do not allow multiple accounts for a single email address Create a password policy that consists of the following: - Minimum password length of 8 characters - Minimum of 3 of the following parameters: upper case, lower case, numeric, and special characters - Maximum password age of 90 days - Minimum password age of 1 day - Maximum invalid logon attempts of between 3 and 5 attempts - Password history of ten previous passwords Require authorized business personnel to grant user access to specific screener titles Segregate new user enrollment privileges to backend IT administrators Implement a process to review the approvals of business personnel and the activities performed by IT administrators. Require individuals to provide two of the following for new user registration: - Information that the individual knows (e.g., account number, security questions) - A unique physical item that the individual has (e.g., registration card with unique ID number, token) - A unique physical quality that is unique to the individual (e.g., fingerprint, retina)
No. SCR-3.5 SCR-3.6 SCR-3.7 SCR-3.8 SCR-3.9 SCR-3.10 SCR-3.11 Best Practice Digital Transfer Services Implement a process for approving, tracking and logging devices that access the digital screeners portal/application, and limit the number of registered devices to 3 per user Implement access controls to limit the playback of screeners through the digital screeners portal/application, including the following at a minimum: Set a maximum view count for each title Prohibit concurrent logins Restrict user access to only specific screeners that they are authorized to view Expire access to screener content after a set period of time Option to revoke access to content upon request Implement access control policies to limit administrative access to the digital screeners portal/application Review access rights to the digital screeners portal/application monthly Retain access logs for the digital screeners portal/application every six months Control the download of screeners from the digital screeners portal/application Limit the amount of buffering or caching to what is required to stream content Implementation Guidance Consider generating a unique hardware signature for each device that accesses a user account; the hardware signature can be a hash of the device's MAC address, hard drive signature, IP address, etc., Restrict access to the portal to a set number of allowed digital signatures Implement an exception process for users to exceed the maximum number of devices upon approval by the studios Consider the following: - Issue an account activation key only upon user validation by the studios - Require a unique account for each individual administrator - Restrict administrative access only to host machines within valid IP address ranges - If administration is performed through a standalone application, allow each installation to be applied to only a single machine Remove access rights from users that no longer require access due to a change in job role, employment, guild membership, or industry activity Remove or disable any inactive accounts Store content logs on a centralized server that can be accessed only by specific users and is secured in an access-controlled room Limit to just in time buffering or caching Seek prior approval on workflow from content owner Page 5
No. SCR-3.12 SCR-3.13 SCR-3.14 SCR-3.15 SCR-3.16 SCR-3.17 SCR-3.18 Best Practice Digital Transfer Services Stream screener content in the lowest resolution that is acceptable for the screener's intended purpose Apply dynamically-generated visible watermarking to digitally streamed screener content Apply invisible forensic watermarking to digitally streamed and/or downloaded screener content Maintain records whenever content is streamed or downloaded that tie visible and invisible watermarking to identify a specific title, specific user, company affiliation, device MAC address, IP address, time and date Perform penetration testing on servers, databases and applications that host screener content at least annually, immediately before peak periods (e.g., awards season), and when there is a system change Remove screener content from the digital screeners portal/application after a predefined period of time (e.g., after voting periods, awards seasons, etc.) Implement several layers of security controls for the screener portal: Web Application Firewall Intrusion Prevention System Geographic restrictions Secure coding principles Audit logging, monitoring and alerting Transmission and storage encryption Implementation Guidance Apply visible watermarking as permitted by involved parties (e.g., guilds, government agencies) Consider a moving watermark that changes locations intermittently Ensure that the watermarks cannot be easily edited out of the screen Employ a third party to perform penetration testing Rotate between different third parties each year Use industry accepted testing guidelines, such as those issued by the Open Web Application Security Project (OWASP) to identify common web application vulnerabilities Page 6
APPENDIX A GLOSSARY This glossary of basic terms and acronyms are most frequently used and referred to within this publication. In the best practices guidelines, all terms that are included in this glossary are highlighted in bold typeface. Term or Acronym Description Term or Acronym Description Access Control Access Rights Advanced Encryption Standard (AES) Asset Management Awards Censorship Chain of Custody Form Digital s Portal / Application Forensic Watermarking Any safeguard that restricts access to a physical area or information system. Permission to use/modify an object or system. A NIST symmetric key encryption standard that uses 128-bit blocks and key lengths of 128, 192, or 256 bits. The system by which assets are tracked throughout the workflow, from acquisition to disposal. A screener that is physically or digitally distributed to awards voters. A screener that is digitally or physically distributed to censorship boards. A document that is used to track and record the chronological movement of an item; it typically includes information such as name of the person in custody of the item, date/time of hand-off, and reason for custody. The digital platform by which digital screeners are accessed. A digital technology that is used to uniquely identify the originator and intended user of content Hospitality Incident Response Promotional Sales Transfer Tools Two-Factor Authentication Visible Watermarking Content that is physically or digitally distributed to airlines, hotels and other entities (e.g., military installations) in the non-theatrical window. The detection, analysis, and remediation of security incidents. A screener that is digitally or physically distributed to critics and other media outlets. A screener that is physically or digitally distributed to distributors and retailers. A copy of a motion picture provided to industry professionals. Tools used for the electronic transmission of digital assets through a network, usually with acceptable encryption and authentication mechanisms. A method of authentication by which a user's identity is verified by the presentation of two of the following: a) something the user is; b) something the user has; and c) something the user knows. A digital technology that is used to embed a visible watermark onto the content to deter copyright infringement and content piracy. Guild Membership List A list containing the name and address of all guild members that is used for the distribution of awards screeners. Hardware Signature A digital signature that uniquely identifies the set of hardware that is used to access a system. Page 7
END OF DOCUMENT