NIST 800-171 • LEVEL 2 • MAINTENANCE
3.7.3 — Ensure Equipment Removed for Off-Site Maintenance Is Sanitized of Any CUI
Ensure equipment removed for off-site maintenance is sanitized of any CUI.
Assessment Objectives
Assessment objectives not available for this requirement.
Practitioner Notes
Before any piece of equipment leaves your building for repair — a laptop sent to the manufacturer, a hard drive going to a disposal service — you need to make sure there is no CUI left on it. If you cannot sanitize it, the equipment should not leave.
Example 1: Before shipping a laptop for warranty repair, use a NIST 800-88 compliant tool like DBAN (Darik's Boot and Nuke) or Blancco Drive Eraser to wipe the drive. Document the sanitization with a certificate or log entry that includes the serial number and date wiped.
Example 2: For equipment with drives that cannot be removed or wiped (like a multifunction printer with an internal drive), enable the built-in disk encryption or secure erase feature in the device’s admin console before sending it out. Many enterprise printers from HP and Xerox have a "Secure Storage Erase" option in their management interface.
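One way to enforce the "if you cannot sanitize it, the equipment should not leave" rule is to check every outbound shipment against the sanitization log before release. The following is an added example, not part of the original page; the CSV column names, serial numbers and dates are constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample data; the column names are assumptions for this example.
SANITIZATION_LOG = """serial,date_wiped,method
LT-0001,2024-03-04,overwrite
LT-0002,,overwrite
MFP-0007,2024-03-09,secure storage erase
"""
SHIPMENTS = """serial,ship_date,destination
LT-0001,2024-03-05,manufacturer warranty repair
LT-0002,2024-03-05,manufacturer warranty repair
LT-0003,2024-03-06,manufacturer warranty repair
MFP-0007,2024-03-08,printer service depot
"""

def load(text):
    """Parse CSV text into a list of dicts with whitespace-trimmed values."""
    return [{k: (v or "").strip() for k, v in row.items()}
            for row in csv.DictReader(io.StringIO(text))]

def release_blockers(shipments, log):
    """Return (serial, reason) for every item that must not leave yet."""
    latest = {}         # serial -> most recent valid wipe date on record
    incomplete = set()  # serials whose log row lacks a usable wipe date
    for row in log:
        try:
            wiped = date.fromisoformat(row["date_wiped"])
        except ValueError:
            incomplete.add(row["serial"])
        else:
            latest[row["serial"]] = max(wiped, latest.get(row["serial"], wiped))
    blockers = []
    for item in shipments:
        serial, ship = item["serial"], date.fromisoformat(item["ship_date"])
        if serial in latest and latest[serial] <= ship:
            continue  # documented wipe on or before the ship date
        if serial in latest:
            reason = "wipe dated after ship date"
        elif serial in incomplete:
            reason = "log entry has no valid wipe date"
        else:
            reason = "no sanitization record"
        blockers.append((serial, reason))
    return blockers

if __name__ == "__main__":
    for serial, reason in release_blockers(load(SHIPMENTS), load(SANITIZATION_LOG)):
        print(f"HOLD {serial}: {reason}")
```

Any serial the check returns stays on site until a log entry with a serial number and a wipe date on or before the ship date exists.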