Reference: CMMC 2.0
Level Introduced: 1
Title: Media Disposal
Sanitize or destroy information system media containing Federal Contract Information before disposal or release for reuse.
In this case, "media" can mean something as simple as paper, or storage devices like diskettes, disks, tapes, microfiche, thumb drives, CDs and DVDs, and even mobile phones. It is important to see what information is on these types of media. If there is Federal contract information (FCI)-information you or your company got doing work for the Federal government that is not shared publicly)-you or someone in your company should do one of two things before throwing the media away:
• clean or purge the information, if you want to reuse the device; or
• shred or destroy the device so it cannot be read.
See NIST Special Publication 800-88 Revision 1, Guidelines for Media Sanitization for more information.
You are moving into a new office. As you pack for the move, you find some of your old CDs in a file cabinet. When you load the CDs into your computer drive, you see that one has information about an old project your company did for the Department of Defense (DoD). Rather than throw the CD in the trash, you make sure that it is shredded.