Brief summary of the policy...
"In order for organizations to have appropriate controls on the information they are responsible for safeguarding, they must properly safeguard used media".
Four types of sanitization:
- Disposal - discarding media with no other sanitization considered.
- Clearing - clearing information that protects agains a robust keyboard attack. Overwriting is an acceptable method for clearing media.
- Purging - prtecting against a laboratory attack Degussing is one type of purging but not acceptable for all media (nonmagnetic media such as CD, DVDs, etc.)
- Destroying - After media are destroyed they cannot be reused as orginally intereded. Forms of this are disintegration, incineration, pulverizing, shredding and melting. Destruciton of media should be done by authorized personnel. Special disposition needs should be addressed.
This policy will affect...
21-Mar-2012 - This policy is a draft and is not yet in effect.
NIST SP-800-88 ( http://csrc.nist.gov/publications/ni...00-88_rev1.pdf )
FIPS 200, Minimum Security Requirements for Federal Information and Information Systems
Roles and Responsibilities
Chief Information Officer
Information System Owner
Record Management Officer
There are no known exceptions to this policy at this time.