Lack of plans and procedures to properly destroy classified and/or sensitive material can lead to the loss or compromise of classified or sensitive information. REFERENCES: CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPUTER NETWORK DEFENSE (CND), Enclosure C, paragraphs 21.h.(9); 28; 29b.,d.(1)(2).h.(1)(2) and para 34. NIST Special Publication 800-53 (SP 800-53), Rev 4, Controls: MP-1, MP-6, PE-1. DODI 8500.01, SUBJECT: Cybersecurity, March 14, 2014, Enclosure 3, paragraph 9.b.(8) (9) DOD Manual 5200.01, Volume 3, SUBJECT: DOD Information Security Program: Protection of Classified Information: Enclosure 2, paragraph 14 14(d); Enclosure 3 paragraphs 17, 18, 19; Enclosure 5, paragraph 3.d.(3); Enclosure 7, paragraph 6. Assistant Secretary of Defense for Command, Control, Communications and Intelligence Memorandum, Disposition of Unclassified DOD Computer Hard Drives, June 4, 2001 32 CFR 117 and 32 CFR 2001 and 2003 as well as DOD Manual 5220.32 Volume 1 NIST SP 800-88, Guidelines for Media Sanitization NSA/CSA Policy Manual 9-12, NSA/CSS Storage Device Declassification Manual https://www.nsa.gov/Resources/Media-Destruction-Guidance Satisfies: Destruction of Classified and Unclassified Documents, Equipment and Media - Policy/Procedure
Check to ensure there are procedures for the destruction of classified or sensitive documents, systems and media. Also check to ensure this documentation is readily available for employee reference and included in initial and recurring (annual) security training. TACTICAL ENVIRONMENT: The check is applicable for fixed (established) tactical processing environments where procedural documents (SOPs) should be in place. Not applicable to a field/mobile environment.
Ensure there are procedures for the destruction of classified or sensitive documents, systems and media. Also check to ensure this documentation is readily available for employee reference and included in initial and recurring (annual) security training.