MP-6 (01) Media Sanitization | Review, Approve, Track, Document, and Verify

High

>Control Description

Review, approve, track, document, and verify media sanitization and disposal actions.

>FedRAMP Baseline Requirements

Additional Requirements and Guidance

MP-6 (1) Requirement: Must comply with NIST SP 800-88

>Discussion

Organizations review and approve media to be sanitized to ensure compliance with records retention policies. Tracking and documenting actions include listing personnel who reviewed and approved sanitization and disposal actions, types of media sanitized, files stored on the media, sanitization methods used, date and time of the sanitization actions, personnel who performed the sanitization, verification actions taken and personnel who performed the verification, and the disposal actions taken. Organizations verify that the sanitization of the media was effective prior to disposal.

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What formal policies and procedures govern the implementation of MP-6(1) (Review, Approve, Track, Document, and Verify)?
  • Who are the designated roles responsible for implementing, maintaining, and monitoring MP-6(1)?
  • How frequently is the MP-6(1) policy reviewed and updated, and what triggers policy changes?
  • What governance structure ensures MP-6(1) requirements are consistently applied across all systems?

Technical Implementation:

  • Describe the specific technical mechanisms or controls used to enforce MP-6(1) requirements.
  • What automated tools, systems, or technologies are deployed to implement MP-6(1)?
  • How is MP-6(1) integrated into your system architecture and overall security posture?
  • What configuration settings, parameters, or technical specifications enforce MP-6(1) requirements?

Evidence & Documentation:

  • What documentation demonstrates the complete implementation of MP-6(1)?
  • What audit logs, records, reports, or monitoring data validate MP-6(1) compliance?
  • Can you provide evidence of periodic reviews, assessments, or testing of MP-6(1) effectiveness?
  • What artifacts would you present during a FedRAMP assessment to demonstrate MP-6(1) compliance?
