UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Classified Destruction - Improper Disposal of Automated Information System (AIS) Hard Drives and Storage Media


Overview

Finding ID Version Rule ID IA Controls Severity
V-32111 IS-11.01.02 SV-42428r2_rule PECS-1 PECS-2 PEDD-1 High
Description
Failure to properly destroy classified or sensitive material can lead to the loss or compromise of classified or sensitive information.
STIG Date
Traditional Security 2013-07-11

Details

Check Text ( C-40661r9_chk )
Check to ensure classified systems equipment such as hard drives and media are properly sanitized (purged of all classified data so that recovery using known laboratory attack is not possible) before such equipment or media is disposed of or placed in use in a lower classification environment or an unclassified environment.

Note 1: Clearing procedures using overwrite software is not sufficient to dispose of classified equipment or media (for instance by release to property disposal, vendors, or placement in trash) or to re-use it in an unclassified or lesser classification environment other than its original classification level. Clearing will only enable the equipment or media to be re-used within the original classified environment.

NOTE 2: Be certain to read and apply specific guidance from Enclosure 3 and Enclosure 7 of Volume 3 of DoD Manual 5200.01. Important excerpts of this guidance follows:

Classified IT storage media (e.g., hard drives) cannot be declassified by overwriting.

Sanitization (which may destroy the usefulness of the media) or physical destruction is required
for disposal.
TACTICAL ENVIRONMENT: Applies in all environments whenever classified documents or materials are to be destroyed.
Fix Text (F-36067r4_fix)
Classified information system equipment such as hard drives and media must be properly sanitized (purged of all classified data so that recovery using known laboratory attack is not possible) before such equipment or media is disposed of or placed in use in a lower classification environment or an unclassified environment.

Note 1: Clearing procedures using overwrite software is not sufficient to dispose of classified equipment or media (for instance by release to property disposal, vendors, or placement in trash) or to re-use it in an unclassified or lesser classification environment other than its original classification level. Clearing will only enable the equipment or media to be re-used within the original classified environment.

NOTE 2: Sanitization and disposal must be IAW Enclosure 3 and Enclosure 7 of Volume 3 of DoD Manual 5200.01. Important excerpts of this guidance follows:

Classified IT storage media (e.g., hard drives) cannot be declassified by overwriting.

Sanitization (which may destroy the usefulness of the media) or physical destruction is required
for disposal.