MA-3(3): Prevent Unauthorized Removal
Control Family:
Parent Control:
CSF v1.1 References:
Threats Addressed:
Baselines:
- Moderate
- High
Previous Version:
- NIST Special Publication 800-53 Revision 4:
- MA-3(3): Prevent Unauthorized Removal
Control Statement
Prevent the removal of maintenance equipment containing organizational information by:
- Verifying that there is no organizational information contained on the equipment;
- Sanitizing or destroying the equipment;
- Retaining the equipment within the facility; or
- Obtaining an exemption from [Assignment: organization-defined personnel or roles] explicitly authorizing removal of the equipment from the facility.
Supplemental Guidance
Organizational information includes all information owned by organizations and any information provided to organizations for which the organizations serve as information stewards.