NIST 800-53 REV 5 • MEDIA PROTECTION

MP-6(1) Review, Approve, Track, Document, and Verify

Review, approve, track, document, and verify media sanitization and disposal actions.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

Organizations review and approve media to be sanitized to ensure compliance with records retention policies. Tracking and documenting actions include listing personnel who reviewed and approved sanitization and disposal actions, types of media sanitized, files stored on the media, sanitization methods used, date and time of the sanitization actions, personnel who performed the sanitization, verification actions taken and personnel who performed the verification, and the disposal actions taken. Organizations verify that the sanitization of the media was effective prior to disposal.

Practitioner Notes

This enhancement adds formal review, approval, tracking, documentation, and verification steps to your media sanitization process. Every sanitization action needs oversight and a paper trail.

Example 1: Create a Media Sanitization Record form that requires: media description and serial number, sanitization method, date, technician name, witness name, verification method (e.g., attempted data recovery), and supervisor approval. File these records for your retention period.

Example 2: Use an asset management tool (Snipe-IT, ServiceNow Asset Management) to track media through its lifecycle from deployment to sanitization to destruction. Require sign-off at each stage. Run a quarterly reconciliation to ensure every decommissioned asset has a corresponding sanitization record.
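The quarterly reconciliation in Example 2 can be scripted against two exports. The sketch below is an added example, not part of the NIST catalog or of any asset tool: the CSV layouts, column names, and sample rows are constructed assumptions, with the required fields taken from the record form in Example 1.

```python
import csv
import io

# Fields taken from the Media Sanitization Record form in Example 1;
# the column names themselves are assumptions for this sketch.
REQUIRED = ["description", "serial", "method", "date", "technician",
            "witness", "verification_method", "supervisor_approval"]

# Constructed sample data standing in for an asset-tool export.
ASSETS_CSV = """serial,status
SN-1001,deployed
SN-1002,decommissioned
SN-1003,decommissioned
SN-1004,decommissioned
"""

# Constructed sample sanitization records.
RECORDS_CSV = """description,serial,method,date,technician,witness,verification_method,supervisor_approval
Laptop SSD,SN-1002,cryptographic erase,2024-03-04,A. Tech,B. Witness,attempted data recovery,C. Supervisor
Server HDD,SN-1003,degauss,2024-03-05,A. Tech,,attempted data recovery,
"""

def reconcile(assets_csv, records_csv):
    """Return (missing, incomplete): decommissioned serials with no record,
    and a map of serial -> required fields left empty in its record."""
    assets = csv.DictReader(io.StringIO(assets_csv))
    decommissioned = {a["serial"].strip() for a in assets
                      if a["status"].strip().lower() == "decommissioned"}
    records = {}
    for row in csv.DictReader(io.StringIO(records_csv)):
        records[row["serial"].strip()] = row
    missing = sorted(decommissioned - records.keys())
    incomplete = {}
    for serial in sorted(decommissioned & records.keys()):
        gaps = [f for f in REQUIRED if not (records[serial].get(f) or "").strip()]
        if gaps:
            incomplete[serial] = gaps
    return missing, incomplete

if __name__ == "__main__":
    missing, incomplete = reconcile(ASSETS_CSV, RECORDS_CSV)
    for serial in missing:
        print(f"{serial}: no sanitization record")
    for serial, gaps in incomplete.items():
        print(f"{serial}: record missing {', '.join(gaps)}")
```

Both findings are audit exceptions: a decommissioned asset with no record has no evidence of sanitization, and a record with an empty witness or approval field has no evidence of oversight.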