
SR-12 Component Disposal

IL4 Mod
IL4 High
IL5
IL6

Control Description

Dispose of organization-defined data, documentation, tools, or system components using the following techniques and methods: organization-defined techniques and methods.

DoD Impact Level Requirements

No specific parameter values or requirements for this impact level.

Discussion

Data, documentation, tools, or system components can be disposed of at any time during the system development life cycle (not only in the disposal or retirement phase of the life cycle). For example, disposal can occur during research and development, design, prototyping, or operations/maintenance and include methods such as disk cleaning, removal of cryptographic keys, and partial reuse of components. Opportunities for compromise during disposal affect physical and logical data, including system documentation in paper-based or digital files; shipping and delivery documentation; memory sticks with software code; or complete routers or servers that include permanent media, which contain sensitive or proprietary information.

Additionally, proper disposal of system components helps to prevent such components from entering the gray market.

Programmatic Queries

Related Services

AWS Config
AWS CloudTrail
AWS Systems Manager

CLI Commands

List terminated instances (disposal audit); StateTransitionReason holds the termination reason and timestamp, and terminated instances remain listed only for a short time
aws ec2 describe-instances --filters Name=instance-state-name,Values=terminated --query "Reservations[].Instances[].{Id:InstanceId,StateTransitionReason:StateTransitionReason}"
Check CloudTrail for instance termination events (TerminateInstances)
aws cloudtrail lookup-events --lookup-attributes AttributeKey=EventName,AttributeValue=TerminateInstances --max-results 20
List completed snapshots owned by this account (candidates for disposal review)
aws ec2 describe-snapshots --owner-ids self --query "Snapshots[?State=='completed'].{Id:SnapshotId,Created:StartTime,Size:VolumeSize}"
List EBS volumes with no attachments (orphaned)
aws ec2 describe-volumes --filters Name=status,Values=available --query "Volumes[].{Id:VolumeId,Size:Size,Created:CreateTime}"

Related Controls

Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What supply chain risk management policies address SR-12?
  • Who is responsible for managing supply chain risks?
  • How do you assess and monitor risks from suppliers, vendors, and contractors?

Technical Implementation:

  • What processes ensure that supply chain components meet security requirements?
  • How do you verify the authenticity and integrity of acquired components?
  • What controls prevent counterfeit or malicious components from entering your supply chain?
  • How do you track and verify the provenance of system components?

Evidence & Documentation:

  • Can you provide supply chain risk assessments?
  • What documentation demonstrates supplier compliance with security requirements?
  • Where do you maintain records of supplier assessments and component provenance?
  • Can you show component inventory and validation records?
