CT.DM-P5: Data are destroyed according to policy
CSF v1.1 References:
Threats Addressed:
Description
[csf.tools Note: Subcategories do not have detailed descriptions.]
Note: This Privacy Framework Subcategory is identical to the Cybersecurity Framework Subcategory.
Related Controls
NIST Special Publication 800-53 Revision 5
MP-6: Media Sanitization
Sanitize [Assignment: organization-defined system media] prior to disposal, release out of organizational control, or release for reuse using [Assignment: organization-defined sanitization techniques and procedures]; and Employ sanitization mechanisms with the strength and integrity commensurate with the security category or classification of the information.
SR-12: Component Disposal
Dispose of [Assignment: organization-defined data, documentation, tools, or system components] using the following techniques and methods: [Assignment: organization-defined techniques and methods].
Cloud Controls Matrix v3.0.1
DSI-07: Secure Disposal
Policies and procedures shall be established with supporting business processes and technical measures implemented for the secure disposal and complete removal of data from all storage media, ensuring data is not recoverable by any computer forensic means.
DCS-05: Off-Site Equipment
Policies and procedures shall be established for the secure disposal of equipment (by asset type) used outside the organization’s premises. This shall include a wiping solution or destruction process that renders recovery of information impossible. The erasure shall consist of a full overwrite of the drive to ensure that the erased drive is released to…
MOS-18: Remote Wipe
All mobile devices permitted for use through the company BYOD program or a company-assigned mobile device shall allow for remote wipe by the company’s corporate IT or shall have all company-provided data wiped by the company’s corporate IT.
Critical Security Controls Version 8
3: Data Protection
Develop processes and technical controls to identify, classify, securely handle, retain, and dispose of data.
NIST Special Publication 800-53 Revision 4
MP-6: Media Sanitization
The organization: Sanitizes [Assignment: organization-defined information system media] prior to disposal, release out of organizational control, or release for reuse using [Assignment: organization-defined sanitization techniques and procedures] in accordance with applicable federal and organizational standards and policies; and Employs sanitization mechanisms with the strength and integrity commensurate with the security category or classification of the…