NIST SP 800-171 & CMMC 2.0 3.7.3 Requirement:
Ensure equipment removed for off-site maintenance is sanitized of any “Controlled Unclassified Information” (CUI).
NIST SP 800-171 & CMMC 2.0 3.7.3 Requirement Explanation:
When you send a hard drive off-site either individually or within a system such as a laptop you can no longer protect it. Encryption does provide protection however it can still be cracked. By wiping the drive you avoid this risk.
Example NIST SP 800-171 & CMMC 2.0 3.7.3 Implementation:
Before you send a device containing a hard drive or any other storage media to a vendor or other party for maintenance you need to either remove or wipe the drive. Even if the drive is encrypted you need to wipe it. You should use the DoD 5220.22-M method to wipe the drive.
NIST SP 800-171 & CMMC 2.0 3.7.3 Scenario(s):
- Scenario 1:
A user has reported that their laptop is constantly crashing. You troubleshoot the issue but are unable to resolve it. You contact the laptop manufacturer. The manufacturer instructs you to ship the laptop to the manufacturer for a motherboard replacement. Before sending the laptop you backup the hard drive and then wipe the data on it using the DoD 5220.22-M method.
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
NIST SP 800-171 & CMMC Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
HIPAA Compliance
Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
FAR 52.204-21 Compliance
Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
ISO 27001 Compliance
Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.