NIST 800-53 REV 5 • ACCESS CONTROL
AC-4(25) — Data Sanitization
When transferring information between different security domains, sanitize data to minimize [organization-defined parameter ac-04.25_odp.01] in accordance with [organization-defined parameter ac-04.25_odp.02].
CMMC Practice Mapping
No direct CMMC mapping
NIST 800-171 Mapping
No direct NIST 800-171 mapping
Related Controls
Supplemental Guidance
Data sanitization is the process of irreversibly removing or destroying data stored on a memory device (e.g., hard drives, flash memory/solid state drives, mobile devices, CDs, and DVDs) or in hard copy form.
Practitioner Notes
Data sanitization at flow boundaries strips or replaces potentially harmful content while preserving the useful data. The goal is to make data safe for the destination environment.
Example 1: Deploy a CDR (Content Disarm & Reconstruct) solution like Votiro or Deep Secure on your file transfer boundary. It deconstructs every incoming file to its base elements, strips all active content (macros, scripts, embedded objects), and rebuilds a clean version.
Example 2: For images entering your environment, use a tool that strips EXIF metadata (GPS coordinates, camera serial numbers, timestamps) and re-encodes the image to a clean format. The ImageMagick command convert input.jpg -strip output.jpg removes all metadata profiles from the image.
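A check that could sit behind the stripping step in Example 2, added here as an illustration and not taken from NIST or ImageMagick: it walks the JPEG header segments, drops APP1-APP15 and COM, and rejects any file it cannot parse. The function names and the sample bytes are constructed for this example, and it assumes a baseline JPEG; it does not re-encode pixel data or inspect bytes after the scan starts.

```python
import struct

# Header segments that carry metadata, not pixels: APP1-APP15 (EXIF, XMP, ICC,
# Photoshop data) and COM. APP0 (the JFIF header) is kept.
METADATA_MARKERS = set(range(0xE1, 0xF0)) | {0xFE}

def seg(marker, payload):
    """Build one JPEG segment; the length field counts its own two bytes."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

def walk_segments(data):
    """Yield (marker, start, end) for every segment up to and including SOS."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(data):
        marker = data[pos + 1]
        # Fail closed on non-marker bytes and on markers that cannot open a
        # header segment (TEM, RSTn, SOI, EOI).
        if data[pos] != 0xFF or marker < 0xC0 or 0xD0 <= marker <= 0xD9:
            raise ValueError(f"unexpected bytes at offset {pos}")
        if marker == 0xFF:              # optional fill byte before a marker
            pos += 1
            continue
        if marker == 0xDA:              # SOS: scan data runs to end of file
            yield marker, pos, len(data)
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(data):
            raise ValueError(f"bad segment length at offset {pos}")
        yield marker, pos, end
        pos = end
    raise ValueError("truncated JPEG: no SOS marker found")

def strip_jpeg_metadata(data):
    """Return (sanitized bytes, list of removed marker codes)."""
    out, removed = bytearray(b"\xff\xd8"), []
    for marker, start, end in walk_segments(data):
        if marker in METADATA_MARKERS:
            removed.append(marker)
        else:
            out += data[start:end]      # scan data is copied unchanged
    return bytes(out), removed

# Constructed sample: structurally valid header segments, not a real photo.
SAMPLE = (b"\xff\xd8" + seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
          + seg(0xE1, b"Exif\x00\x00constructed-gps") + seg(0xFE, b"constructed comment")
          + seg(0xDB, bytes(65)) + seg(0xDA, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\x34\xff\xd9")
```

Running strip_jpeg_metadata a second time on its own output and requiring an empty removed list is a cheap post-transfer assertion for the boundary.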