3.5: Securely Dispose of Data
Threats Addressed:
Control is new to this version of the control set and incorporates the following control from the previous version: 13.2: Remove Sensitive Data or Systems Not Regularly Accessed by Organization.
Control Statement
Securely dispose of data as outlined in the enterprise’s data management process. Ensure the disposal process and method are commensurate with the data sensitivity.
[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]