CCI-001028

Sanitize organization-defined system media prior to disposal, release out of organizational control, or release for reuse using organization-defined sanitization techniques and procedures.

Implementation Guidance

The organization being inspected/assessed sanitizes all media prior to disposal, release out of organizational control, or release for reuse IAW DoDM 5200.01 Vol. 1-4 using techniques and procedures IAW NIST SP 800-88. DoD has defined the sanitization techniques as techniques and procedures IAW NIST SP 800-88. DoD has defined the information system media as all media.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines media sanitization records, audit records, any other relevant documents or records, and sanitization tools to ensure sanitization is in compliance with DoDM 5200.01 Vol. 1-4 and uses techniques and procedures IAW NIST SP 800-88. The objective of the review is to verify the organization is sanitizing its digital and non-digital information system media prior to disposal, release for reuse, or release out of the organizational control. DoD has defined the sanitization techniques as techniques and procedures IAW NIST SP 800-88. DoD has defined the information system media as all media.

Compelling Evidence

1.) TTP or SOP showing steps for media sanitation. 2.) System Security Plan (SSP), if necessary, referencing sections which apply to disposal and release for reuse out of organizational control.

The controls below (if any) were marked by NIST as being related to CCI-001028.