CCI-002580

Employ sanitization mechanisms with the strength and integrity commensurate with the security category or classification of the information.

Implementation Guidance

Determine if sanitization mechanisms with strength and integrity commensurate with the security category or classification of the information are employed.

Validation Procedures

Examine: [SELECT FROM: System media protection policy; procedures addressing media sanitization and disposal; applicable federal standards and policies addressing media sanitization policy; media sanitization records; system audit records; system design documentation; records retention and disposition policy; records retention and disposition procedures; system configuration settings and associated documentation; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with media sanitization responsibilities; organizational personnel with records retention and disposition responsibilities; organizational personnel with information security and privacy responsibilities; system/network administrators]. Test: [SELECT FROM: Organizational processes for media sanitization; mechanisms supporting and/or implementing media sanitization].

The controls below (if any) were marked by NIST as being related to CCI-002580.