800-53|MP-6(3)

Title

NONDESTRUCTIVE TECHNIQUES

Description

The organization applies nondestructive sanitization techniques to portable storage devices prior to connecting such devices to the information system under the following circumstances: [Assignment: organization-defined circumstances requiring sanitization of portable storage devices].

Supplemental

This control enhancement applies to digital media containing classified information and Controlled Unclassified Information (CUI). Portable storage devices can be the source of malicious code insertions into organizational information systems. Many of these devices are obtained from unknown and potentially untrustworthy sources and may contain malicious code that can be readily transferred to information systems through USB ports or other entry portals. While scanning such storage devices is always recommended, sanitization provides additional assurance that the devices are free of malicious code to include code capable of initiating zero-day attacks. Organizations consider nondestructive sanitization of portable storage devices when such devices are first purchased from the manufacturer or vendor prior to initial use or when organizations lose a positive chain of custody for the devices.

Reference Item Details

Related: SI-3

Category: MEDIA PROTECTION

Parent Title: MEDIA SANITIZATION

Family: MEDIA PROTECTION

Baseline Impact: HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
AIOS-15-004900 - Apple iOS/iPadOS 15 must [selection: wipe protected data, wipe sensitive data] upon unenrollment from MDM.MDMAirWatch - DISA Apple iOS/iPadOS 14 v1r4
AIOS-15-004900 - Apple iOS/iPadOS 15 must [selection: wipe protected data, wipe sensitive data] upon unenrollment from MDM.MDMMobileIron - DISA Apple iOS/iPadOS 14 v1r4
AIOS-15-005000 - Apple iOS/iPadOS 15 must [selection: remove Enterprise application, remove all noncore applications (any nonfactory-installed application)] upon unenrollment from MDM.MDMAirWatch - DISA Apple iOS/iPadOS 14 v1r4
AIOS-15-005000 - Apple iOS/iPadOS 15 must [selection: remove Enterprise application, remove all noncore applications (any nonfactory-installed application)] upon unenrollment from MDM.MDMMobileIron - DISA Apple iOS/iPadOS 14 v1r4
AIOS-15-009900 - Apple iOS/iPadOS 15 must be configured to [selection: wipe protected data, wipe sensitive data] upon unenrollment from MDM.MDMMobileIron - DISA Apple iOS/iPadOS 14 v1r4
AIOS-15-009900 - Apple iOS/iPadOS 15 must be configured to [selection: wipe protected data, wipe sensitive data] upon unenrollment from MDM.MDMAirWatch - DISA Apple iOS/iPadOS 14 v1r4
AIOS-15-010000 - Apple iOS/iPadOS 15 must be configured to [selection: remove Enterprise applications, remove all noncore applications (any nonfactory installed application)] upon unenrollment from MDM.MDMAirWatch - DISA Apple iOS/iPadOS 14 v1r4
AIOS-15-010000 - Apple iOS/iPadOS 15 must be configured to [selection: remove Enterprise applications, remove all noncore applications (any nonfactory installed application)] upon unenrollment from MDM.MDMMobileIron - DISA Apple iOS/iPadOS 14 v1r4
AIOS-16-004900 - Apple iOS/iPadOS 16 must [selection: wipe protected data, wipe sensitive data] upon unenrollment from MDM.MDMAirWatch - DISA Apple iOS/iPadOS 16 v2r1
AIOS-16-004900 - Apple iOS/iPadOS 16 must [selection: wipe protected data, wipe sensitive data] upon unenrollment from MDM.MDMMobileIron - DISA Apple iOS/iPadOS 16 v2r1
AIOS-16-005000 - Apple iOS/iPadOS 16 must [selection: remove Enterprise application, remove all noncore applications (any nonfactory-installed application)] upon unenrollment from MDM - any nonfactory-installed application] upon unenrollment from MDM.MDMAirWatch - DISA Apple iOS/iPadOS 16 v2r1
AIOS-16-005000 - Apple iOS/iPadOS 16 must [selection: remove Enterprise application, remove all noncore applications (any nonfactory-installed application)] upon unenrollment from MDM - any nonfactory-installed application] upon unenrollment from MDM.MDMMobileIron - DISA Apple iOS/iPadOS 16 v2r1
AIOS-16-009900 - Apple iOS/iPadOS 16 must be configured to [selection: wipe protected data, wipe sensitive data] upon unenrollment from MDM.MDMMobileIron - DISA Apple iOS/iPadOS 16 v2r1
AIOS-16-009900 - Apple iOS/iPadOS 16 must be configured to [selection: wipe protected data, wipe sensitive data] upon unenrollment from MDM.MDMAirWatch - DISA Apple iOS/iPadOS 16 v2r1
AIOS-16-010000 - Apple iOS/iPadOS 16 must be configured to [selection: remove Enterprise applications, remove all noncore applications (any nonfactory installed application)] upon unenrollment from MDM - any nonfactory installed application] upon unenrollment from MDM.MDMAirWatch - DISA Apple iOS/iPadOS 16 v2r1
AIOS-16-010000 - Apple iOS/iPadOS 16 must be configured to [selection: remove Enterprise applications, remove all noncore applications (any nonfactory installed application)] upon unenrollment from MDM - any nonfactory installed application] upon unenrollment from MDM.MDMMobileIron - DISA Apple iOS/iPadOS 16 v2r1
AIOS-16-709900 - Apple iOS/iPadOS 16 must be configured to wipe enterprise data and apps upon unenrollment from MDM.MDMAirWatch - DISA Apple iOS/iPadOS 16 BYOAD v1r1
AIOS-16-709900 - Apple iOS/iPadOS 16 must be configured to wipe enterprise data and apps upon unenrollment from MDM.MDMMobileIron - DISA Apple iOS/iPadOS BYOAD 16 v1r1
AIOS-17-009900 - Apple iOS/iPadOS 17 must be configured to [selection: wipe protected data, wipe sensitive data] upon unenrollment from MDM.MDMAirWatch - DISA Apple iOS/iPadOS 17 v2r1
AIOS-17-009900 - Apple iOS/iPadOS 17 must be configured to [selection: wipe protected data, wipe sensitive data] upon unenrollment from MDM.MDMMobileIron - DISA Apple iOS/iPadOS 17 v2r1
AIOS-17-010000 - Apple iOS/iPadOS 17 must be configured to [selection: remove Enterprise applications, remove all noncore applications (any nonfactory-installed application)] upon unenrollment from MDM - any nonfactory installed application] upon unenrollment from MDM.MDMMobileIron - DISA Apple iOS/iPadOS 17 v2r1
AIOS-17-010000 - Apple iOS/iPadOS 17 must be configured to [selection: remove Enterprise applications, remove all noncore applications (any nonfactory-installed application)] upon unenrollment from MDM - any nonfactory installed application] upon unenrollment from MDM.MDMAirWatch - DISA Apple iOS/iPadOS 17 v2r1
AIOS-17-709900 - Apple iOS/iPadOS 17 must be configured to [selection: wipe protected data, wipe sensitive data] upon unenrollment from MDM.MDMAirWatch - DISA Apple iOS/iPadOS 17 BYOAD v1r1
AIOS-17-709900 - Apple iOS/iPadOS 17 must be configured to [selection: wipe protected data, wipe sensitive data] upon unenrollment from MDM.MDMMobileIron - DISA Apple iOS/iPadOS BYOAD 17 v1r1
AIOS-17-710000 - Apple iOS/iPadOS 17 must be configured to [selection: remove Enterprise applications, remove all noncore applications (any nonfactory installed application)] upon unenrollment from MDM.MDMMobileIron - DISA Apple iOS/iPadOS BYOAD 17 v1r1
AIOS-17-710000 - Apple iOS/iPadOS 17 must be configured to [selection: remove Enterprise applications, remove all noncore applications (any nonfactory installed application)] upon unenrollment from MDM.MDMAirWatch - DISA Apple iOS/iPadOS 17 BYOAD v1r1
AIOS-18-009900 - Apple iOS/iPadOS 18 must be configured to [selection: wipe protected data, wipe sensitive data] upon unenrollment from MDM.MDMMobileIron - DISA Apple iOS/iPadOS 18 v1r1
AIOS-18-009900 - Apple iOS/iPadOS 18 must be configured to [selection: wipe protected data, wipe sensitive data] upon unenrollment from MDM.MDMAirWatch - DISA Apple iOS/iPadOS 18 v1r1
AIOS-18-010000 - Apple iOS/iPadOS 18 must be configured to [selection: remove Enterprise applications, remove all noncore applications (any nonfactory-installed application)] upon unenrollment from MDM - any nonfactory installed application] upon unenrollment from MDM.MDMMobileIron - DISA Apple iOS/iPadOS 18 v1r1
AIOS-18-010000 - Apple iOS/iPadOS 18 must be configured to [selection: remove Enterprise applications, remove all noncore applications (any nonfactory-installed application)] upon unenrollment from MDM - any nonfactory installed application] upon unenrollment from MDM.MDMAirWatch - DISA Apple iOS/iPadOS 18 v1r1
AIOS-18-015100 - Apple iOS/iPadOS 18 must delete eSIM content when the device is erased.MDMAirWatch - DISA Apple iOS/iPadOS 18 v1r1
AIOS-18-015100 - Apple iOS/iPadOS 18 must delete eSIM content when the device is erased.MDMMobileIron - DISA Apple iOS/iPadOS 18 v1r1
HONW-09-007150 - The Honeywell Android Pie must wipe all data upon unenrollment from MDM.MDMAirWatch - DISA Honeywell Android 9.x COBO v1r2
HONW-09-007150 - The Honeywell Android Pie must wipe all data upon unenrollment from MDM.MDMMobileIron - DISA Honeywell Android 9.x COBO v1r2