Applicable

(Y)es / (N)o

(C)onfidentiality

(I)ntegrity

(A)vailability

RPN

(C+I+A)

(S)atisfactory

L1

M2

H3

L1

M2

H3

L1

M2

H3

(O)ther than satisfactory +##

mp-6(8)

media sanitization  | remote purging / wiping of information

assessment objective:

Determine if the organization:

mp-6(8)[1]

defines information systems, system components, or devices to purge/wipe either remotely or under specific organizational conditions;

mp-6(8)[2]

defines conditions under which information is to be purged/wiped from organization-defined information systems, system components, or devices; and

mp-6(8)[3]

provides the capability to purge/wipe information from organization-defined information systems, system components, or devices either:

mp-6(8)[3][a]

remotely; or

mp-6(8)[3][b]

under organization-defined conditions.

potential assessment methods and objects:

Examine: [select from: Information system media protection policy; procedures addressing media sanitization and disposal; information system design documentation; information system configuration settings and associated documentation; media sanitization records; audit records; other relevant documents or records].

Interview: [select from: Organizational personnel with information system media sanitization responsibilities; organizational personnel with information security responsibilities; system/network administrators].

Test: [select from: Organizational processes for purging/wiping media; automated mechanisms supporting and/or implementing purge/wipe capabilities].