[csf.tools Note: Subcategories do not have detailed descriptions.]
NIST Special Publication 800-53 Revision 5
Sanitize [Assignment: organization-defined system media] prior to disposal, release out of organizational control, or release for reuse using [Assignment: organization-defined sanitization techniques and procedures]; and Employ sanitization mechanisms with the strength and integrity commensurate with the security category or classification of the information.
Dispose of [Assignment: organization-defined data, documentation, tools, or system components] using the following techniques and methods: [Assignment: organization-defined techniques and methods].
NIST Special Publication 800-171 Revision 2
This requirement applies to all system media, digital and non-digital, subject to disposal or reuse. Examples include: digital media found in workstations, network components, scanners, copiers, printers, notebook computers, and mobile devices; and non-digital media such as paper and microfilm. The sanitization process removes information from the media such that the information cannot be retrieved…
Cloud Controls Matrix v3.0.1
Policies and procedures shall be established with supporting business processes and technical measures implemented for the secure disposal and complete removal of data from all storage media, ensuring data is not recoverable by any computer forensic means.
Policies and procedures shall be established for the secure disposal of equipment (by asset type) used outside the organization’s premises. This shall include a wiping solution or destruction process that renders recovery of information impossible. The erasure shall consist of a full overwrite of the drive to ensure that the erased drive is released to…
All mobile devices permitted for use through the company BYOD program or a company-assigned mobile device shall allow for remote wipe by the company’s corporate IT or shall have all company-provided data wiped by the company’s corporate IT.
Critical Security Controls Version 8
Develop processes and technical controls to identify, classify, securely handle, retain, and dispose of data.
NIST Special Publication 800-53 Revision 4
The organization: Sanitizes [Assignment: organization-defined information system media] prior to disposal, release out of organizational control, or release for reuse using [Assignment: organization-defined sanitization techniques and procedures] in accordance with applicable federal and organizational standards and policies; and Employs sanitization mechanisms with the strength and integrity commensurate with the security category or classification of the…