MA-3(3)—Prevent Unauthorized Removal
MODERATE
HIGH
>Control Description
Prevent the removal of maintenance equipment containing organizational information by: a. Verifying that there is no organizational information contained on the equipment; b. Sanitizing or destroying the equipment; c. Retaining the equipment within the facility; or d. Obtaining an exemption from [Assignment: organization-defined personnel or roles] explicitly authorizing removal of the equipment from the facility.
>Supplemental Guidance
Organizational information includes all information owned by organizations and any information provided to organizations for which the organizations serve as information stewards.