Description

Data, documentation, tools, or system components can be disposed of at any time during the system development life cycle. Opportunities for compromise during disposal affect physical and logical data, including system documentation in paper-based or digital files; shipping and delivery documentation; memory sticks with software code; or complete routers or servers that include permanent media, which contain sensitive or proprietary information.

Applicability

  • This control applies to the Information Resource Owner or designee.

Implementation

  • 1

    The Information Resource Owner or designee is responsible to dispose of data, documentation, tools, or system components using techniques and methods described in Security Control MP-6 Media Sanitization.