800-53|MP-6

Title

MEDIA SANITIZATION

Description

The organization:

Supplemental

This control applies to all information system media, both digital and non-digital, subject to disposal or reuse, whether or not the media is considered removable. Examples include media found in scanners, copiers, printers, notebook computers, workstations, network components, and mobile devices. The sanitization process removes information from the media such that the information cannot be retrieved or reconstructed. Sanitization techniques, including clearing, purging, cryptographic erase, and destruction, prevent the disclosure of information to unauthorized individuals when such media is reused or released for disposal. Organizations determine the appropriate sanitization methods recognizing that destruction is sometimes necessary when other methods cannot be applied to media requiring sanitization. Organizations use discretion on the employment of approved sanitization techniques and procedures for media containing information deemed to be in the public domain or publicly releasable, or deemed to have no adverse impact on organizations or individuals if released for reuse or disposal. Sanitization of non-digital media includes, for example, removing a classified appendix from an otherwise unclassified document, or redacting selected sections or words from a document by obscuring the redacted sections/words in a manner equivalent in effectiveness to removing them from the document. NSA standards and policies control the sanitization process for media containing classified information.

Reference Item Details

Related: MA-2,MA-4,RA-3,SC-4

Category: MEDIA PROTECTION

Family: MEDIA PROTECTION

Priority: P1

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.3 Disable MariaDB Command History - .mysql_historyUnixCIS MariaDB 10.6 on Linux L2 v1.1.0
1.3 Disable MariaDB Command History - ~/.mysql_historyUnixCIS MariaDB 10.6 on Linux L2 v1.1.0
1.3 Disable MySQL Command HistoryWindowsCIS MySQL 5.7 Enterprise Windows OS L2 v2.0.0
1.3 Disable MySQL Command HistoryUnixCIS MySQL 8.0 Enterprise Linux OS L2 v1.3.0
1.3 Disable MySQL Command HistoryWindowsCIS MySQL 5.7 Community Windows OS L2 v2.0.0
1.3 Disable MySQL Command HistoryUnixCIS MySQL 8.0 Community Linux OS L2 v1.0.0
1.3 Disable MySQL Command HistoryWindowsCIS MySQL 5.6 Community Windows OS L2 v2.0.0
1.3 Disable MySQL Command HistoryWindowsCIS MySQL 5.6 Enterprise Windows OS L2 v2.0.0
1.3 Disable MySQL Command History - .mysql_historyUnixCIS MySQL 5.6 Enterprise Linux OS L2 v2.0.0
1.3 Disable MySQL Command History - .mysql_historyUnixCIS MySQL 5.6 Community Linux OS L2 v2.0.0
1.3 Disable MySQL Command History - .mysql_historyUnixCIS MySQL 5.7 Community Linux OS L2 v2.0.0
1.3 Disable MySQL Command History - .mysql_historyUnixCIS MySQL 5.7 Enterprise Linux OS L2 v2.0.0
1.3 Disable MySQL Command History - ~/.mysql_historyUnixCIS MySQL 5.6 Enterprise Linux OS L2 v2.0.0
1.3 Disable MySQL Command History - ~/.mysql_historyUnixCIS MySQL 5.7 Community Linux OS L2 v2.0.0
1.3 Disable MySQL Command History - ~/.mysql_historyUnixCIS MySQL 5.6 Community Linux OS L2 v2.0.0
1.3 Disable MySQL Command History - ~/.mysql_historyUnixCIS MySQL 5.7 Enterprise Linux OS L2 v2.0.0
2.3 Disable PostgreSQL Command HistoryUnixCIS PostgreSQL 13 OS v1.2.0
2.3 Disable PostgreSQL Command HistoryUnixCIS PostgreSQL 14 OS v 1.2.0
2.5.9.2.1 Ensure 'PST Null Data on Delete' is set to 'Enabled'WindowsCIS Microsoft Office Enterprise v1.2.0 L1
2.28 Ensure 'Enable automatic HTTPS upgrades' Is EnabledWindowsCIS Google Chrome L1 v3.0.0
3.7 Ensure no files or directories without an owner and a group existUnixCIS IBM AIX 7 v1.0.0 L1
3.8 Restrict Core Dumps to Protected DirectoryUnixCIS Oracle Solaris 11.4 L1 v1.1.0
5.3 Ensure 'Set disk cache size, in bytes' is set to 'Enabled: 250609664'WindowsCIS Google Chrome L1 v3.0.0
6.4 Ensure 'log-raw' is Set to 'OFF'UnixCIS MySQL 8.0 Community Linux OS L1 v1.0.0
6.4 Ensure 'log-raw' is Set to 'OFF'UnixCIS MySQL 8.0 Enterprise Linux OS L1 v1.3.0
6.4 Ensure 'log-raw' Is Set to 'OFF' - /etc/my.cnfUnixCIS MySQL 5.6 Community Linux OS L1 v2.0.0
6.4 Ensure 'log-raw' Is Set to 'OFF' - /etc/my.cnfUnixCIS MySQL 5.6 Enterprise Linux OS L1 v2.0.0
6.4 Ensure 'log-raw' Is Set to 'OFF' - /etc/mysql/my.cnfUnixCIS MySQL 5.6 Enterprise Linux OS L1 v2.0.0
6.4 Ensure 'log-raw' Is Set to 'OFF' - /etc/mysql/my.cnfUnixCIS MySQL 5.6 Community Linux OS L1 v2.0.0
6.4 Ensure 'log-raw' Is Set to 'OFF' - %PROGRAMDATA%\MySQL\MySQL Server 5.6\my.cnfWindowsCIS MySQL 5.6 Enterprise Windows OS L1 v2.0.0
6.4 Ensure 'log-raw' Is Set to 'OFF' - %PROGRAMDATA%\MySQL\MySQL Server 5.6\my.cnfWindowsCIS MySQL 5.6 Community Windows OS L1 v2.0.0
6.4 Ensure 'log-raw' Is Set to 'OFF' - %PROGRAMDATA%\MySQL\MySQL Server 5.6\my.ini ExistsWindowsCIS MySQL 5.6 Enterprise Windows OS L1 v2.0.0
6.4 Ensure 'log-raw' Is Set to 'OFF' - %PROGRAMDATA%\MySQL\MySQL Server 5.6\my.ini ExistsWindowsCIS MySQL 5.6 Community Windows OS L1 v2.0.0
6.4 Ensure 'log-raw' is Set to 'OFF' - %PROGRAMDATA%\MySQL\MySQL Server 5.7\my.cnfWindowsCIS MySQL 5.7 Community Windows OS L1 v2.0.0
6.4 Ensure 'log-raw' Is Set to 'OFF' - %WINDIR%\my.cnfWindowsCIS MySQL 5.6 Enterprise Windows OS L1 v2.0.0
6.4 Ensure 'log-raw' Is Set to 'OFF' - %WINDIR%\my.cnfWindowsCIS MySQL 5.6 Community Windows OS L1 v2.0.0
6.4 Ensure 'log-raw' Is Set to 'OFF' - %WINDIR%\my.iniWindowsCIS MySQL 5.6 Community Windows OS L1 v2.0.0
6.4 Ensure 'log-raw' Is Set to 'OFF' - %WINDIR%\my.iniWindowsCIS MySQL 5.6 Enterprise Windows OS L1 v2.0.0
6.4 Ensure 'log-raw' Is Set to 'OFF' - C:\my.cnfWindowsCIS MySQL 5.6 Community Windows OS L1 v2.0.0
6.4 Ensure 'log-raw' Is Set to 'OFF' - C:\my.cnfWindowsCIS MySQL 5.6 Enterprise Windows OS L1 v2.0.0
6.4 Ensure 'log-raw' Is Set to 'OFF' - C:\my.iniWindowsCIS MySQL 5.6 Enterprise Windows OS L1 v2.0.0
6.4 Ensure 'log-raw' Is Set to 'OFF' - C:\my.iniWindowsCIS MySQL 5.6 Community Windows OS L1 v2.0.0
6.4 Ensure 'log-raw' Is Set to 'OFF' - MYSQL_INSTALL\my.cnfWindowsCIS MySQL 5.6 Community Windows OS L1 v2.0.0
6.4 Ensure 'log-raw' Is Set to 'OFF' - MYSQL_INSTALL\my.cnfWindowsCIS MySQL 5.6 Enterprise Windows OS L1 v2.0.0
6.4 Ensure 'log-raw' Is Set to 'OFF' - MYSQL_INSTALL\my.iniWindowsCIS MySQL 5.6 Community Windows OS L1 v2.0.0
6.4 Ensure 'log-raw' Is Set to 'OFF' - MYSQL_INSTALL\my.iniWindowsCIS MySQL 5.6 Enterprise Windows OS L1 v2.0.0
6.4 Ensure 'log-raw' Is Set to 'OFF' - SYSCONFDIR/my.cnfUnixCIS MySQL 5.6 Enterprise Linux OS L1 v2.0.0
6.4 Ensure 'log-raw' Is Set to 'OFF' - SYSCONFDIR/my.cnfUnixCIS MySQL 5.6 Community Linux OS L1 v2.0.0
6.4 Ensure 'log-raw' Is Set to 'OFF' - SYSCONFDIRmy.cnfUnixCIS MySQL 5.6 Community Linux OS L1 v2.0.0
6.4 Ensure 'log-raw' Is Set to 'OFF' - SYSCONFDIRmy.cnfUnixCIS MySQL 5.6 Enterprise Linux OS L1 v2.0.0