Cyber AB CMMC-CCP Exam - Topic 5 Question 9 Discussion

Understanding NIST SP 800-88 Rev. 1 and Media SanitizationTheNIST Special Publication (SP) 800-88 Revision 1, Guidelines for Media Sanitization, provides guidance onsecure disposalof data from various types of storage media to prevent unauthorized access or recovery.

Clear

Useslogical techniquesto remove data from media, making it difficult to recover usingstandard system functions.

Example:Overwriting all datawith binary zeros or ones on a hard drive.

Applies to:Magnetic media, solid-state drives (SSD), and non-volatile memorywhen the media isreused within the same security environment.

Purge

Usesadvanced techniquesto make data recoveryinfeasible, even with forensic tools.

Example:Degaussinga magnetic hard drive orcryptographic erasure(deleting encryption keys).

Applies to:Media that is leaving organizational control or requires a higher level of assurance than 'Clear'.

Destroy

Physicallydamages the mediaso that data recovery isimpossible.

Example:Shredding, incinerating, pulverizing, or disintegratingstorage devices.

Applies to:Highly sensitive data that must be permanently eliminated.

B . Clear, Redact, Destroy (Incorrect)-- 'Redact' is a term used for document sanitization,notdata disposal.

C . Clear, Overwrite, Purge (Incorrect)-- 'Overwrite' is a method within 'Clear,' but it isnot a top-level categoryin NIST SP 800-88.

D . Clear, Overwrite, Destroy (Incorrect)-- 'Overwrite' is a sub-method of 'Clear,' but 'Purge' is missing, making this incorrect.

The correct answer isA. Clear, Purge, Destroy, as these are thethree official categoriesof data disposal inNIST SP 800-88 Revision 1.

NIST SP 800-88 Rev. 1 -- Guidelines for Media Sanitization

CMMC 2.0 Security Practices Related to Media Disposal(Aligned with NIST guidance)