Embedded Files
This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization tests sanitization equipment and procedures [FedRAMP Assignment: (M) at least annually; (H) at least every six (6) months] to verify that the intended sanitization is being achieved.
Additional FedRAMP Requirements and Guidance: (M)(H) Equipment and procedures may be tested or validated for effectiveness.
NIST 800-53 (r4) Supplemental Guidance:
Testing of sanitization equipment and procedures may be conducted by qualified and authorized external entities (e.g., other federal agencies or external service providers).
References: FIPS Publication 199; NIST Special Publications 800-60, 800-88; Web: http://www.nsa.gov/ia/mitigation_guidance/media_destruction_guidance/index.shtml.
NIST 800-53 (r5) Discussion:
Testing of sanitization equipment and procedures may be conducted by qualified and authorized external entities, including federal agencies or external service providers.
38North Guidance:
Meets Minimum Requirement:
For moderate systems, the company conducts annual tests on digital media sanitization equipment and procedure
For high systems, the company conducts tests on digital media sanitization equipment and procedure every 6 months
Best Practice:
TBD
Unofficial FedRAMP Guidance: None
Assessment Evidence:
If external services are used, contract between the CSP and the external service
Records of previous media sanitization equipment and procedure tests
CSP Implementation Tips:
Amazon Web Services (AWS): Fully Inherited
Microsoft Azure: Fully Inherited
Google Cloud Platform: Fully Inherited
Page updated
Report abuse