AC-4(25): Data Sanitization

Control Family:

Access Control

Parent Control:

AC-4: Information Flow Enforcement

CSF v1.1 References:

ID.AM-3
PR.AC-5
PR.DS-5
DE.AE-1

Threats Addressed:

Information Disclosure

Baselines:

(Not part of any baseline)

Control is new to this version of the control set.

Control Statement

When transferring information between different security domains, sanitize data to minimize [Assignment (one or more): delivery of malicious content, command and control of malicious code, malicious code augmentation, and steganography encoded data, spillage of sensitive information] in accordance with [Assignment: organization-defined policy]].

Supplemental Guidance

Data sanitization is the process of irreversibly removing or destroying data stored on a memory device (e.g., hard drives, flash memory/solid state drives, mobile devices, CDs, and DVDs) or in hard copy form.

Control Statement

Supplemental Guidance

Related Controls

NIST Special Publication 800-53 Revision 5