MP.L1-3.8.3 — Sanitize or destroy system media containing CUI before disposal or release for reuse.
What this control requires
Sanitize or destroy system media containing CUI before disposal or release for reuse.
Source: CMMC L1 v2.13 MP.L1-3.8.3 / FAR 52.204-21(b)(1) / NIST SP 800-171 R2 3.8.3 (official control text).
Why this matters
When devices or documents contain CUI, simply deleting files or throwing paper in recycling exposes sensitive data to recovery by adversaries, competitors, or unauthorized parties. This control requires that all media—hard drives, USB sticks, phones, copiers, and printed materials—be rendered unrecoverable before disposal or reuse. Proper sanitization prevents data breaches that occur after equipment leaves organizational control, protects client confidentiality, and ensures compliance with federal disposal standards. Without it, decommissioned hardware becomes an attack vector.
What evidence assessors expect
Assessors typically look for: PDF, photo, screenshot.