UCF ID: 02123 |
Control Type: Actionable Reports or measurements |
Status: Live |
Metric guidance
Calculation: The calculation for this metric is # of media sanitized / # of media submitted for reuse or disposal.
Calculation source: The authority document source of information is NIST 800-55, Critical Element 8.2. The following formula was used: the number of media that has been submitted for disposal or reuse and have been sanitized in accordance with policies, standards, and procedures divided by the total number of media that has been submitted for disposal or reuse for each business unit (or the organization as a whole) .
The Common Control IDs associated with this metric are as follows:
- • Wipe all data storage media clean prior to disposal or redeployment. [UCF Control ID 01643]
• Establish and maintain procedures for the disposition and destruction of media. [UCF Control ID 00971]
• Degauss or reformat electronic media to prevent the recovery of residual data. [UCF Control ID 00973]
Supporting and supported controls
This control directly supports:
- • Establish and maintain a back-up and recovery management metrics program. [UCF Control ID 02084]
There are no supporting controls.
Authority documents complied with:
CISWG Information Security Program Elements, January 10,2005, ISPE28.4; Guide for Developing Performance Metrics for Information Security, NIST SP 800-80, Table 14
US Federal Security Guidance
The organization must measure and report on the percentage of operational time that critical services were unavailable (as seen by users and customers) due to security incidents. [ISPE28.4, CISWG Information Security Program Elements, January 10,2005]
NIST Guidance
This metric must be calculated using # of media sanitized / # of media submitted for reuse or disposal [Table 14, Guide for Developing Performance Metrics for Information Security, NIST SP 800-80]
Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.