PR.IP-6: Data is destroyed according to policy
Description
[csf.tools Note: Subcategories do not have detailed descriptions.]
Related Controls
NIST Special Publication 800-53 Revision 5
MP-6: Media Sanitization
Sanitize [Assignment: organization-defined system media] prior to disposal, release out of organizational control, or release for reuse using [Assignment: organization-defined sanitization techniques and procedures]; and Employ sanitization mechanisms with the strength and integrity commensurate with the security category or classification of the information.
SR-12: Component Disposal
Dispose of [Assignment: organization-defined data, documentation, tools, or system components] using the following techniques and methods: [Assignment: organization-defined techniques and methods].
NIST Special Publication 800-171 Revision 2
3.8.3: Sanitize or destroy system media containing CUI before disposal or release for reuse
This requirement applies to all system media, digital and non-digital, subject to disposal or reuse. Examples include: digital media found in workstations, network components, scanners, copiers, printers, notebook computers, and mobile devices; and non-digital media such as paper and microfilm. The sanitization process removes information from the media such that the information cannot be retrieved…
Cloud Controls Matrix v3.0.1
DSI-07: Secure Disposal
Policies and procedures shall be established with supporting business processes and technical measures implemented for the secure disposal and complete removal of data from all storage media, ensuring data is not recoverable by any computer forensic means.
DCS-05: Off-Site Equipment
Policies and procedures shall be established for the secure disposal of equipment (by asset type) used outside the organization’s premises. This shall include a wiping solution or destruction process that renders recovery of information impossible. The erasure shall consist of a full overwrite of the drive to ensure that the erased drive is released to…
MOS-18: Remote Wipe
All mobile devices permitted for use through the company BYOD program or a company-assigned mobile device shall allow for remote wipe by the company’s corporate IT or shall have all company-provided data wiped by the company’s corporate IT.
Critical Security Controls Version 8
3: Data Protection
Develop processes and technical controls to identify, classify, securely handle, retain, and dispose of data.
NIST Special Publication 800-53 Revision 4
MP-6: Media Sanitization
The organization: Sanitizes [Assignment: organization-defined information system media] prior to disposal, release out of organizational control, or release for reuse using [Assignment: organization-defined sanitization techniques and procedures] in accordance with applicable federal and organizational standards and policies; and Employs sanitization mechanisms with the strength and integrity commensurate with the security category or classification of the…