MP-6 Media Sanitization
Description
Media sanitization refers to information system media subject to disposal or reuse, whether or not the media is removable. This includes media in scanners, copiers, printers, laptop computers, workstations, network components and mobile devices (e.g., hard drives, flash drives, and other storage media).
Applicability
- This Control applies to all information resources managed by the university.
- The owner of an information resource, or designee, is responsible for ensuring that the measures described in this Control are implemented.
Implementation
-
1 - Information system users shall sanitize information system media prior to disposal, release from university control, or release for sale or reuse.
-
1.1 - Sanitization may be by such means as:
-
1.1.1 - overwriting or modifying media to make it unreadable or indecipherable, or
Related Resource -
1.1.2 - physically destroying media.
-
-
1.2 - Disposal must be in accordance with state requirements and applicable university records retention schedules and data classification.
Related ResourceRelated ResourceRelated Resource
-
-
2 - Media containing Critical, Confidential or University-Internal data must be protected (e.g., encryption, sanitation, etc.) prior to releasing to any third party (unauthorized user).