>myctrl.tools
Preferences
Under active development Content is continuously updated and improved · Last updated Feb 18, 2026, 2:55 AM UTC
Compare

MP.L1-3.8.3Media Disposal

Level 1
FAR 52.204-21 b.
800-171: 3.8.3

>Control Description

Sanitize or destroy information system media containing Federal Contract Information before disposal or release for reuse.

>Cross-Framework Mappings

NIST SP 800-171

3.8.3
Compare

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What is your media sanitization and disposal policy?
  • How do you determine appropriate sanitization methods for different media types?
  • Who is responsible for overseeing media sanitization and disposal?
  • What is your process for verifying media has been properly sanitized?
  • How do you document and track media sanitization and disposal?

Technical Implementation:

  • What sanitization tools and technologies are used (data wiping, degaussers)?
  • What methods sanitize different media types (SSDs, HDDs, tapes)?
  • How do you verify sanitization was successful?
  • What physical destruction methods are used when sanitization is not possible?
  • What tools document and certify media sanitization?
  • What logging tracks media sanitization and destruction?

Evidence & Documentation:

  • What media protection policies and procedures can you provide?
  • What media inventory and tracking records can you show?
  • What sanitization certificates demonstrate proper media disposal?
  • What transport documentation shows media accountability during transport?
  • What evidence shows media is properly marked with CUI indicators?
  • What encryption verification shows portable media is encrypted?
  • What access logs show restricted access to media?

Ask AI

Configure your API key to use AI features.