CAF Outcome B3.e: Media Equipment Sanitisation

From the UK NCSC's Cyber Assessment Framework (version 3.1):

You appropriately sanitise media and equipment holding data important to the operation of the essential function.

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

NCSC CAF Mapped to NIST CSF

B3.e: Media Equipment Sanitisation to CSF mappings generated from UK Cabinet Office table.

Control ID Description
PR.IP-6 Data is destroyed according to policy
PR.DS-3 Assets are formally managed throughout removal, transfers, and disposition
PR.PT-2 Removable media is protected and its use restricted according to policy

Related ISA/IEC 62443 Controls

Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CAF outcome, taken from mappings by Ofgem.

  • Information persistence (SR 4.2)
    ISA/IEC 62443-3-3:2013
  • Ensure appropriate records control (4.3.4.4.4)
    ISA/IEC 62443-2-1:2009
  • Establish procedures for the addition, removal, and disposal of assets (4.3.3.3.9)
    ISA/IEC 62443-2-1:2009

Related ISO 27001 Controls

Clauses and controls from ISO 27001 (2013) which are related to this CAF outcome, taken from mappings by Ofgem.

  • Disposal of media (8.3.2)
    ISO 27001:2013
  • Secure disposal or re-use of equipment (11.2.7)
    ISO 27001:2013

Related SP800-53 Controls

Generated from NISTs SP800-53/CSF Crosswalk mappings.

Node
MP-6: Media Sanitization
CM-8: System Component Inventory
PE-16: Delivery and Removal
MP-5: Media Transport
MP-4: Media Storage
MP-3: Media Marking
MP-8: Media Downgrading
MP-2: Media Access
MP-7: Media Use