MP-06 Media Sanitization And Disposal

Media Protection

Low Moderate High Privacy

Description

The organization sanitizes information system media, both digital and non-digital, prior to disposal or release for reuse.

Supplemental Guidance

Sanitization is the process used to remove information from information system media such that there is reasonable assurance, in proportion to the confidentiality of the information, that the information cannot be retrieved or reconstructed. Sanitization techniques, including clearing, purging, and destroying media information, prevent the disclosure of organizational information to unauthorized individuals when such media is reused or disposed. The organization uses its discretion on sanitization techniques and procedures for media containing information deemed to be in the public domain or publicly releasable, or deemed to have no adverse impact on the organization or individuals if released for reuse or disposed. NIST Special Publication 800-88 provides guidance on media sanitization. The National Security Agency also provides media sanitization guidance and maintains a listing of approved sanitization products at http://www.nsa.gov/ia/government/mdg.cfm.

Changes from Rev 4

Removes ‘in accordance with applicable federal and organizational standards and policies’ from control text. Discussion adds reference to NARA. Incorporates media sanitization elements of withdrawn App J control DM-2.

Enhancements


Compliance Mappings

ISO 27002:2022

7.10, 8.10

COBIT 2019

APO14.07

CIS Controls v8

3.1, 3.5

SOC 2 TSC

C1.2-POF2, CC6.5, CC6.5-POF2, P4.3, P4.3-POF2, P4.3-POF3

ISO 17799 (legacy)

9.2.6, 10.7.1, 10.7.2

COBIT 4.1 (legacy)

DS11.4, DS11.6