Guidance for NIST 800-171 Assessment & Compliance
Applicable (Y)es / (N)o |
(C)onfidentiality |
(I)ntegrity |
(A)vailability |
RPN (C+I+A) |
(S)atisfactory |
||||||
L1 |
M2 |
H3 |
L1 |
M2 |
H3 |
L1 |
M2 |
H3 |
(O)ther than satisfactory +## |
||
|
|
|
|
|
|
|
|
|
|
|
|
###
mp-6(1) |
media sanitization | review / approve / track / document / verify |
|
|
assessment objective: Determine if the organization: |
|
mp-6(1)[1] |
reviews media sanitization and disposal actions; |
|
mp-6(1)[2] |
approves media sanitization and disposal actions; |
|
mp-6(1)[3] |
tracks media sanitization and disposal actions; |
|
mp-6(1)[4] |
documents media sanitization and disposal actions; and |
|
mp-6(1)[5] |
verifies media sanitization and disposal actions. |
|
potential assessment methods and objects: Examine: [select from: Information system media protection policy; procedures addressing media sanitization and disposal; media sanitization and disposal records; review records for media sanitization and disposal actions; approvals for media sanitization and disposal actions; tracking records; verification records; audit records; other relevant documents or records]. Interview: [select from: Organizational personnel with information system media sanitization and disposal responsibilities; organizational personnel with information security responsibilities; system/network administrators]. Test: [select from: Organizational processes for media sanitization; automated mechanisms supporting and/or implementing media sanitization]. |
||
