End-of-life IT Asset Disposal
For Government Contractors
Government contractors must comply with DFARs and NIST 800 guidelines. Newer requirements for CMMC 2.0 will be more stringent and require additional cybersecurity audits. The DCMA DIBCAC guidelines provide best practices for the Department of Defense’s (DoD) contractor cybersecurity risk mitigation efforts to protect our national security and Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations.
To meet NIST SP 800-171 requirement 3.8.3, you must “sanitize or destroy information system media containing CUI before disposal or release for reuse.”
The objective of requirement 3.8.3 is to ensure that your company or government data can not be recovered from media such as removable drives, SSDs, and hard drives when they are disposed of or reused. A study from NAID highlighted the risks of failure to follow proper data sanitization procedures when they released a study that showed that 40% of used devices sold on popular e-commerce sites contained PII (Personally Identifiable Information).