MA.L2-3.7.3 Equipment Sanitization

CMMC Practice MA.L2-3.7.3 – Equipment Sanitization: Ensure equipment removed for off-site maintenance is sanitized of any CUI.

Links to Publicly Available Resources

CMMC CLARIFICATION (Ref CMMC – Appendix B)

Sanitization is a process that makes access to data infeasible on media such as a hard drive. The process may overwrite the entire media with a fixed pattern such as binary zeros. In addition to clearing the data an organization could purge (e.g., degaussing, secure erasing, or disassembling) the data, or even destroy the media (e.g., incinerating, shredding, or pulverizing). By performing one of these activities the data is extremely hard to recover, thus ensuring its confidentiality.

If additional guidance on which specific santization actions should be taken on any specific type of media, consider reviewing the description of the Purge actions given in NIST SP 800-88 Revision 1 – Guidelines for Media Sanitization.