CMMCDocs.comMP.L2-3.8.3
Also known as: Media sanitization requirement
The NIST SP 800-171 requirement that mandates the contractor sanitize or destroy system media containing CUI before disposal or release for reuse.
MP.L2-3.8.3 requires the contractor to 'sanitize or destroy system media containing CUI before disposal or release for reuse.' It applies to hard drives, solid-state drives, removable media, paper records, and any other physical or digital media that has held Controlled Unclassified Information.
The accepted methods for sanitization are defined in NIST SP 800-88, 'Guidelines for Media Sanitization.' Acceptable techniques include cryptographic erase, degaussing (for magnetic media only), physical destruction, and overwrite — each appropriate for different media types and data sensitivities.
A C3PAO will sample your media sanitization records (a logbook, ticket system entries, certificates of destruction from a vendor) and ask which NIST SP 800-88 method was used for each. Vague answers like 'we wiped it' are not sufficient.
Stop Googling. Start working.
CMMCDocs has all 110 NIST SP 800-171 Rev 2 requirements built in — with the language, the templates, and the evidence vault you need. Spin up a free demo workspace and click around the way an assessor would.
Get my demo account