MP-6: Media Sanitization

NIST Baseline: Low

Information system users shall sanitize information system media prior to disposal, release from university control, or release for sale or reuse, in accordance with the following:
- Before leaving the custody of Tarleton State University (Tarleton), electronic media must be sanitized and destroyed following the guidelines set by the National Institute of Standards and Technology (NIST) SP 800-88.
- Prior to the destruction of any media, the information resource owner or their designee should be consulted and reminded that media sanitization is not reversable. Information resource owners or their designee are responsible for making a copy of any information that needs to be retained to another Tarleton information resource before media is sanitized.
- Disposal must be in accordance with state requirements and applicable university records retention schedules and data classification.
- Media containing critical, confidential or university-internal data must be protected (e.g., encryption, sanitation, etc.) prior to releasing to any third party (unauthorized user).