MA.3.115 Supervise the maintenance activities of personnel without required access authorization.

CMMC Practice MA.3.115: You must supervise everyone who performs maintenance activities. Sometimes a person without proper permissions has to perform maintenance on your machines. Give that individual a logon that is active only once or for a very limited time, to limit system access.

Links to Publicly Available Resources

CMMC CLARIFICATION (Ref CMMC – Appendix B)

Sanitization is a process that makes access to data infeasible on media such as a hard drive. The process may overwrite the entire media with a fixed pattern such as binary zeros. In addition to clearing the data an organization could purge (e.g., degaussing, secure erasing, or disassembling) the data, or even destroy the media (e.g., incinerating, shredding, or pulverizing). By performing one of these activities the data is extremely hard to recover, thus ensuring its confidentiality.

If additional guidance on which specific santization actions should be taken on any specific type of media, consider reviewing the description of the Purge actions given in NIST SP 800-88 Revision 1 – Guidelines for Media Sanitization.