PR.PS-03: Hardware is maintained, replaced, and removed commensurate with risk

Description

[csf.tools Note: Subcategories do not have detailed descriptions. However NIST has provided the following implementation examples.]

Implementation Examples

1st: 1st Party Risk

3rd: 3rd Party Risk

Ex1: Replace hardware when it lacks needed security capabilities or when it cannot support software with needed security capabilities

Ex2: Define and implement plans for hardware end-of-life maintenance support and obsolescence

Ex3: Perform hardware disposal in a secure, responsible, and auditable manner