Sanitization

Sanitization (or media sanitization) is the process of making data on storage media unrecoverable before the media is reused, repurposed, or disposed of. Simple deletion doesn't actually remove data — it just marks the space as available. Sanitization ensures that sensitive data, including CUI, cannot be recovered from decommissioned equipment.

Sanitization methods include clearing (overwriting data), purging (degaussing or cryptographic erasure), and destroying (shredding, disintegrating, incinerating). The appropriate method depends on the sensitivity of the data and whether the media will be reused or destroyed.

Why It Matters

Media sanitization is a CMMC requirement. Improperly disposed equipment containing CUI is a data breach. Having a documented sanitization process and maintaining records of media disposition protects you from compliance findings and data exposure.

Related Resources

CMMC: MP.L1-3.8.3
NIST 800-171: 3.8.3
NIST 800-53: AC-4(25)
NIST 800-53: MA-4(3)
NIST 800-53: MP-6
NIST 800-53: MP-7(2)