NIST 800-53 REV 5 • MEDIA PROTECTION

MP-6(2)Equipment Testing

Test sanitization equipment and procedures {{ insert: param, mp-6.2_prm_1 }} to ensure that the intended sanitization is being achieved.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

Testing of sanitization equipment and procedures may be conducted by qualified and authorized external entities, including federal agencies or external service providers.

Practitioner Notes

Your sanitization equipment and procedures need to be tested regularly to confirm they actually work. A degausser that has lost strength or a wipe tool with a bug could leave your data exposed.

Example 1: Test your degausser annually by degaussing a test tape or disk and then attempting data recovery using forensic tools. If data is recoverable, the degausser needs service or replacement. Document the test results.

Example 2: After running your disk sanitization tool (DBAN, Blancco, or similar), spot-check a percentage of sanitized drives by connecting them to a forensic workstation and scanning for residual data. Keep a log of verification tests with pass/fail results for each batch.

More Media Protection Controls

MP-1 Policy and Procedures MP-2 Media Access MP-2(1) Automated Restricted Access MP-2(2) Cryptographic Protection