Media Sanitization (MP-6)

| Show Notes
Created December 5, 2016
Revised September 1, 2016

Description

Media sanitization refers to information system media subject to disposal or reuse, whether or not the media is removable. This includes media in scanners, copiers, printers, laptop computers, workstations, network components and mobile devices (e.g., hard drives, flash drives, and other storage media).

Applicability

This Control applies to all information resources managed by the university.

The owner of an information resource, or designee, is responsible for ensuring that the measures described in this Control are implemented.

Implementation

1

Information system users shall sanitize information system media prior to disposal, release from university control, or release for sale or reuse.

1.1

Sanitization may be by such means as:

1.1.1

overwriting or modifying media to make it unreadable or indecipherable, or

1.1.2

physically destroying media.

2

Media containing confidential or controlled information must be protected (e.g., encryption, sanitation, etc.) prior to releasing to any third party (unauthorized user).