Iron Mountain – Data Wiping: On ITAD and Secure Sanitization of Your Virtual and Physical IT Assets
3.7 3.7.3 3.8 3.8.3 Maintenance Media Protection
https://www.ironmountain.com/en-in/resources/blogs-and-articles/d/data-wiping-on-itad-and-secure-sanitization-of-your-virtual-and-physical-it-assets
This is an article from Iron Mountain on data wiping and secure sanitization of virtual and physical IT assets.
https://www.irs.gov/privacy-disclosure/media-sanitization-guidelines
These are the guidelines by the IRS for media sanitization.
https://www.lifewire.com/free-data-destruction-software-programs-2626174
This is a blog from lifewire that provides a review of the 40 best free programs for data destruction software programs.
https://www.mcafee.com/en-us/antivirus/mcafee-total-protection.html
McAfee Total Protection to reduce the attack surface
Medium – Monitoring Applications to Prevent Unauthorized Access
3.7 3.7.6 Maintenance
https://medium.com/@cybersiftIO/monitoring-applications-to-prevent-unauthorised-access-ea79d64dba5c
Privileged account access and how it can be used in a malicious way to gain access and how to protect against it.
https://www.mtu.edu/it/security/policies-procedures-guidelines/media-destruction-procedure.pdf
This is Michigan Technological University’s media destruction procedure to provide an example for media destruction.
https://www.partitionwizard.com/disk-recovery/data-sanitization.html
This is a blog by MiniTool that covers the various data sanitization methods and explains the difference between wipe, erase, format and delete per DOD 5220.22-M method.
https://www.partitionwizard.com/partitionmagic/free-hard-drive-data-wipe-software-009.html
This article provides a list of 10 free hard drive wipe software for windows 10/8/7/Vista/XP.
https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_0/home?element=IA-2
The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users).
https://nvd.nist.gov/800-53/Rev4/control/MA-5
The organization: a. Establishes a process for maintenance personnel authorization and maintains a list of authorized maintenance organizations or personnel; b. Ensures that non-escorted personnel performing maintenance on the information system have required access authorizations; and c. Designates organizational personnel with required access authorizations and technical competence to supervise the maintenance activities of personnel who do not possess the required access authorizations.