Device Class 1: Media Sanitization

Control ID: MP-6 Media Sanitization Family: Media Protection Source: NIST 800-53r4
Control: The organization:
  1. Sanitizes [Assignment: organization-defined information system media] prior to disposal, release out of organizational control, or release for reuse using [Assignment: organization-defined sanitization techniques and procedures] in accordance with applicable federal and organizational standards and policies; and
  2. Employs sanitization mechanisms with the strength and integrity commensurate with the security category or classification of the information.
Supplemental Guidance:
This control applies to all information system media, both digital and non-digital, subject to disposal or reuse, whether or not the media is considered removable. Examples include media found in scanners, copiers, printers, notebook computers, workstations, network components, and mobile devices. The sanitization process removes information from the media such that the information cannot be retrieved or reconstructed. Sanitization techniques, including clearing, purging, cryptographic erase, and destruction, prevent the disclosure of information to unauthorized individuals when such media is reused or released for disposal. Organizations determine the appropriate sanitization methods recognizing that destruction is sometimes necessary when other methods cannot be applied to media requiring sanitization. Organizations use discretion on the employment of approved sanitization techniques and procedures for media containing information deemed to be in the public domain or publicly releasable, or deemed to have no adverse impact on organizations or individuals if released for reuse or disposal. Sanitization of non-digital media includes, for example, removing a classified appendix from an otherwise unclassified document, or redacting selected sections or words from a document by obscuring the redacted sections/words in a manner equivalent in effectiveness to removing them from the document. NSA standards and policies control the sanitization process for media containing classified information.

Related Controls: MA-2, MA-4, RA-3, SC-4
Control Enhancements: N/A
References: FIPS Publication 199; NIST Special Publications 800-60, 800-88; Web: http://www.nsa.gov/ia/mitigation_guidance/media_destruction_guidance/index.shtml.
Mechanisms:

  • Device shall provide a decommissioning feature where all data stored are destroyed and cannot be reconstructed. (Writing over the data three times meets the U.S. Department of Energy standard for securely erasing magnetic media. Writing over the data seven times meets the U.S. Department of Defense 5220-22-M standard.)
  • Device shall provide the ability to securely delete cryptographic key material on request.

Protocol Implementation Conformance Statements:
ID Statement Status Reference Notes
MP-6/1 Provides a decommissioning feature where all stored data is destroyed M
MP-6/1.1 Applies US DOE-level data erasure C1
MP-6/1.2 Applies DoD 5220-22-M C1 DoD 5220-22-M
MP-6/2 Provides mechanism to delete cryptographic key material on request M Specify mechanism