NIST 800-53 REV 5 • MEDIA PROTECTION
MP-8 — Media Downgrading
Establish {{ insert: param, mp-08_odp.01 }} that includes employing downgrading mechanisms with strength and integrity commensurate with the security category or classification of the information; Verify that the system media downgrading process is commensurate with the security category and/or classification level of the information to be removed and the access authorizations of the potential recipients of the downgraded information; Identify {{ insert: param, mp-08_odp.02 }} ; and Downgrade the identified system media using the established process.
CMMC Practice Mapping
No direct CMMC mapping
NIST 800-171 Mapping
No direct NIST 800-171 mapping
Related Controls
No related controls listed
Supplemental Guidance
Media downgrading applies to digital and non-digital media subject to release outside of the organization, whether the media is considered removable or not. When applied to system media, the downgrading process removes information from the media, typically by security category or classification level, such that the information cannot be retrieved or reconstructed. Downgrading of media includes redacting information to enable wider release and distribution. Downgrading ensures that empty space on the media is devoid of information.
Practitioner Notes
Media downgrading is the process of reducing the classification or sensitivity level of media so it can be used in a lower-security environment. This requires approved procedures and verification that the downgrading was successful.
Example 1: Establish a media downgrading process document that defines which media types can be downgraded, the approved sanitization methods for each type, verification procedures, and who has authority to approve downgrades. Get this approved by your security officer or ISSM.
Example 2: For hard drives being downgraded from classified to unclassified use, use an NSA-approved sanitization method, verify with a forensic scan, and have the downgrade authorized in writing by the appropriate official. Re-mark the media with its new classification level after downgrading.