Systems redeployment or disposal

Status: Live

The organization will develop, disseminate, and review: 1) a formal systems redeployment or disposal policy that addresses purpose, scope, RACI info, and compliance; and 2) formal standards and procedures to facilitate implementing the policy. [UCF ID 00901]

Supporting and supported controls

This control directly supports:

This control has the following supporting controls:

Authority documents complied with:

AICPA/CICA Privacy Framework, ID 5.2.2; FFIEC IT Examination Handbook – Development and Acquisition, Pg 32, Pg 33, Pg 56, Pg 57; FFIEC IT Examination Handbook – Information Security, Exam Tier II Obj C.14, Exam Tier II Obj D.5; US Department of Energy Cyber Security Program Media Clearing, Purging, and Destruction Guidance: DOE CIO Guidance CS-11, January 2007, § 6.b, § 6.b(5); North American Electric Reliability Corporation Critical Infrastructure Protection Cyber Security Standards, CIP-007-1 R7; Design Criteria Standard for Electronic Records Management Software Application, DOD 5015.2, June 19, 2002, § C2.2.6.6; IRS Publication 1075: TAX INFORMATION SECURITY GUIDELINES FOR FEDERAL, STATE AND LOCAL AGENCIES AND ENTITIES; Safeguards for Protecting Federal Tax Returns and Return Information, § 6.3.4, Exhibit 3(F); ISO 15489-1:2001, Information and Documentation: Records management: Part 1: General, § 9.9; Generally Accepted Principles and Practices for Securing Information Technology Systems, NIST SP 800-14, September 1996, § 3.4.6; The Standard of Good Practice for Information Security, CI3.1.3, CI3.1.6; DISA Wireless STIG Apriva Sensa Secure Wireless Email System Security Checklist, V5R2.2, Version 5 Release 2.2, § 2.2 (WIR1170); DISA Wireless STIG Motorola Good Mobile Wireless Email System Security Checklist, V5R2.3, Version 5 Release 2.3, § 2.2 (WIR1170); DISA Wireless STIG Windows Mobile Messaging Wireless EChecklist Version 5, Release 2.4, Version 5 Release 2.4, § 2.2 (WIR2170); ISO 17799:2005 Code of Practice for Information Security Management, § 9.2.6; ISO/IEC 27002-2005 Code of practice for information security management, § 9.2.6; Australian Government ICT Security Manual (ACSI 33), § 3.4.26, § 3.4.33, § 3.4.45, § 3.4.46, § 3.4.51; Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i, NIST Special Publication 800-97, February 2007, Table 8-6 Item 57; Guidelines for Media Sanitization, NIST Special Publication 800-88, September 2006, § 4.7; State of Arizona Standard P800-S880, Revision 2.0: Media Sanitation/Disposal, Rev. 2.0, § 4.2; Archer Control Table, ATCS-113, ATCS-734, ATCS-765, ATCS-770, ATCS-811

Sarbanes Oxley Guidance

The organization should dispose of all personal information in a manner that will prevent loss, misuse, or unauthorized access. [ID 5.2.2, AICPA/CICA Privacy Framework]

Banking and Finance Guidance

Surplus and/or obsolete software, hardware, and data should be disposed of in an orderly manner. [Pg 32, Pg 33, Pg 56, Pg 57, FFIEC IT Examination Handbook – Development and Acquisition]

[Exam Tier II Obj C.14, Exam Tier II Obj D.5, FFIEC IT Examination Handbook – Information Security]

Energy Guidance

The purging, clearing, and destruction of Type I Magnetic Tape, Type II Magnetic Tape, Type III Magnetic Tape, Floppies, Zip Drives, Bernoulli Boxes, Removable Hard Disks, Non-Removable Hard Disks, Magneto-optical: Read Only Optical Disk, Write Once Read Many (WORM) Optical Disk, Read Many Write Many Optical Disk, Flopticals, Helical-scan tapes, Cartridges, Optical, CD-R, CD-RW, CD-ROM, DVD, Magnetic Bubble Memory, Magnetic Core Memory, Magnetic Plated Wire, Magnetic-Resistive Memory, Read-Only Memory (ROM), Random Access Memory (RAM) (Volatile), Programmable ROM (PROM), Erasable PROM (UV PROM), Electrically Alterable PROM (EAPROM), Electrically Erasable PROM (EEPROM), Flash Erasable PROM (FEPROM), Printer Ribbons, Platens, Toner Cartridges, Laser Drums, Fax Machines, Cathode-Ray Tubes (if there is classified burn-in), Cell Phones, Personal Digital Assistants (PDAs), Routers, and Copy Machines should meet the minimum requirements listed in Table 1 (storage media), Table 2 (electronic memory devices), and Table 3 (hardware) of this document.

Classified storage media that will be reused in an unclassified environment should be identified in the System Security Plan; should be tracked until it is purged or destroyed; should be overwritten in its entirety using a three-pass process, with the overwriting software producing a report of any bad sectors that cannot be overwritten; should be destroyed if classified information located in bad sectors cannot be purged; disposal records should be maintained; and an authorized individual should verify that all classified information on the media has been completely overwritten.

Non-removable storage media that contained classified information and were purged with the three-pass process may still be used in their current system in the following instances: if the unclassified storage media can only hold less than 20 MB of information and less than 0.001 percent of the media's capacity is classified information; if the classified storage media contains less than 0.1 percent of the non-removable capacity from a more restrictive classification; or if the unclassified storage media has a low confidentiality impact and contains less than 0.1 percent of the non-removable capacity with a higher confidentiality impact.

Partially contaminated storage media should be purged: the software should overwrite all contaminated areas, including free space, directories, and temporary data file locations; the software should confirm successful completion; the software should confirm the overwriting of specified areas; the software should provide information about bad sectors that cannot be overwritten; quality control should be used to verify that all contaminated information has been overwritten; any media that cannot be purged, or data located in bad sectors that cannot be purged, should be destroyed; and disposal records should be maintained.
[§ 6.b, § 6.b(5), US Department of Energy Cyber Security Program Media Clearing, Purging, and Destruction Guidance: DOE CIO Guidance CS-11, January 2007]

The Responsible Entity shall establish formal methods, processes, and procedures for disposal or redeployment of Cyber Assets within the Electronic Security Perimeter(s) as identified and documented in Standard CIP-005. [CIP-007-1 R7, North American Electric Reliability Corporation Critical Infrastructure Protection Cyber Security Standards]

US Federal Security Guidance

The destruction of media and records addresses the issue of removing residual data. While NIST provides controls for organizations to implement, DoD, as always, includes these procedures as automated controls performed by records management systems. [§ C2.2.6.6, Design Criteria Standard for Electronic Records Management Software Application, DOD 5015.2, June 19, 2002]

US Internal Revenue Guidance

Federal Tax Information should be destroyed or returned to the IRS or the SSA after its use. [§ 6.3.4, Exhibit 3(F), IRS Publication 1075: TAX INFORMATION SECURITY GUIDELINES FOR FEDERAL, STATE AND LOCAL AGENCIES AND ENTITIES; Safeguards for Protecting Federal Tax Returns and Return Information]

Records Management Guidance

[§ 9.9, ISO 15489-1:2001, Information and Documentation: Records management: Part 1: General]

NIST Guidance

[§ 3.4.6, Generally Accepted Principles and Practices for Securing Information Technology Systems, NIST SP 800-14, September 1996]

When a WLAN component is disposed of, the organization should ensure all sensitive configuration information has been removed, including pre-shared keys and passwords. When feasible, the organization should use a degaussing device. [Table 8-6 Item 57, Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i, NIST Special Publication 800-97, February 2007]

The organization should test the sanitization methods being used to ensure the proper protection is being maintained. Test a sample of media to ensure it is sanitized appropriately with regard to its classification. The testing should be completed by personnel not involved in the sanitization process.
[§ 4.7, Guidelines for Media Sanitization, NIST Special Publication 800-88, September 2006]
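The overwrite-and-verify procedure in the DOE guidance above (three-pass overwrite, report of unwritable sectors, destroy if residual data remains, keep a disposal record) together with the independent read-back testing required by NIST SP 800-88 § 4.7, as an added Python example that is not code from the UCF page or from either standard. It assumes 512-byte sectors, the pass patterns 0x00/0xFF/0x5A, and a constructed in-memory bytearray standing in for the device, with a bad_sectors set simulating sectors the drive refuses to write.

```python
import hashlib
from datetime import datetime, timezone

SECTOR = 512
PASSES = (b"\x00", b"\xff", b"\x5a")  # assumed pass patterns; the final one is what is verified


def sector_ranges(media):
    """Yield (index, start, end) for every sector, including a short trailing one."""
    for idx, start in enumerate(range(0, len(media), SECTOR)):
        yield idx, start, min(start + SECTOR, len(media))


def three_pass_overwrite(media: bytearray, bad_sectors=frozenset()) -> list:
    """Overwrite the whole media with each pattern in turn; return sectors that failed."""
    failed = set()
    for pattern in PASSES:
        for idx, start, end in sector_ranges(media):
            if idx in bad_sectors:        # simulated defect: the write is rejected, data stays
                failed.add(idx)
                continue
            media[start:end] = pattern * (end - start)
    return sorted(failed)


def verify_overwrite(media, final_pattern: bytes = PASSES[-1]) -> list:
    """Independent read-back check: return sectors that do not hold the final pattern."""
    return [idx for idx, start, end in sector_ranges(media)
            if media[start:end] != final_pattern * (end - start)]


def disposal_record(media_id: str, media, verifier: str) -> dict:
    """Disposition rule from the DOE guidance: residual data in bad sectors means destroy."""
    residual = verify_overwrite(media)
    return {
        "media_id": media_id,
        "verified_by": verifier,          # someone other than the person who ran the overwrite
        "sectors_checked": len(range(0, len(media), SECTOR)),
        "residual_sectors": residual,
        "disposition": "destroy" if residual else "release",
        "image_sha256": hashlib.sha256(media).hexdigest(),
        "verified_at": datetime.now(timezone.utc).isoformat(),
    }


if __name__ == "__main__":
    # Constructed media: 8 full sectors plus a 16-byte tail, with sector 3 unwritable.
    disk = bytearray(b"SECRET-RECORD-01" * 257)
    print("write failures:", three_pass_overwrite(disk, bad_sectors=frozenset({3})))
    print(disposal_record("HDD-0001", disk, verifier="qa-officer"))
```

On a real device the read-back would be done by a separate tool reading the block device, not by inspecting the buffer the overwrite tool just wrote.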

US State Laws and Protectorates Guidance

Data sanitization should be performed on all storage media before redeploying or disposing of any assets. The method of data sanitization should be either degaussing, overwriting using a minimum of three overwrites, or destroying the media by shredding, incinerating, pulverizing, melting, or disintegrating. [§ 4.2, State of Arizona Standard P800-S880, Revision 2.0: Media Sanitation/Disposal, Rev. 2.0]

Other Configuration Guidance

New and reissued wireless e-mail devices should have a "Device HARD Reset" performed by the wireless e-mail system administrator, have all system software reinstalled from a trusted source, and have the site security policy pushed to the device before being issued to a user and put onto the wireless e-mail network. [§ 2.2 (WIR1170), DISA Wireless STIG Apriva Sensa Secure Wireless Email System Security Checklist, V5R2.2, Version 5 Release 2.2]

New and reissued wireless e-mail devices should have a "Device HARD Reset" performed by the wireless e-mail system administrator, have all system software reinstalled from a trusted source, and have the site security policy pushed to the device before being issued to a user and put onto the wireless e-mail network. [§ 2.2 (WIR1170), DISA Wireless STIG Motorola Good Mobile Wireless Email System Security Checklist, V5R2.3, Version 5 Release 2.3]

New and reissued wireless e-mail devices should have a "Device HARD Reset" performed by the wireless e-mail system administrator, have all system software reinstalled from a trusted source, and have the site security policy pushed to the device before being issued to a user and put onto the wireless e-mail network. [§ 2.2 (WIR2170), DISA Wireless STIG Windows Mobile Messaging Wireless EChecklist Version 5, Release 2.4, Version 5 Release 2.4]

ISO Guidance

Prior to disposing of equipment or sending it out for repair, the storage media should be checked for any sensitive information. If sensitive information is contained on the media, it should be physically destroyed, deleted, or overwritten in such a way that the data is not retrievable. [§ 9.2.6, ISO 17799:2005 Code of Practice for Information Security Management]

Prior to disposing of equipment or sending it out for repair, the storage media should be checked for any sensitive information. If sensitive information is contained on the media, it should be physically destroyed, deleted, or overwritten in such a way that the data is not retrievable. [§ 9.2.6, ISO/IEC 27002-2005 Code of practice for information security management]

General Guidance

Sensitive material (both media and printed material) should be disposed of securely (erasure or burning). Media should be checked to ensure the data was erased prior to disposal, which should be done in accordance with the organization's documented procedures and standards. [CI3.1.3, CI3.1.6, The Standard of Good Practice for Information Security]

Asia and Pacific Rim Guidance

Hardware or media containing classified material should be sanitized or destroyed before being disposed of. The following types of material cannot be sanitized and must be destroyed if they contain classified information: microfiche, microfilm, optical disks, printer ribbons, Programmable Read-Only Memory, and Read-Only Memory. To physically destroy media, it should be broken up or heated until it has been burnt to ash or melted. [§ 3.4.26, § 3.4.33, § 3.4.45, § 3.4.46, § 3.4.51, Australian Government ICT Security Manual (ACSI 33)]


Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.


Site and content © Copyright 2003-2009 Network Frontiers, LLC. All rights reserved.