NIST CSF: PR.IP-6 Subcategory

From NIST's Cyber Security Framework (version 1):

Data is destroyed according to policy

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

CSF Mapped to SP800-53 Controls

Generated from NIST's SP800-53/CSF Crosswalk mappings.

Node
MP-6: Media Sanitization

Related ISO 27001 Controls

Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

  • Disposal of media (8.3.2)
    ISO 27001:2013
  • Handling of assets (8.2.3)
    ISO 27001:2013
  • Secure disposal or re-use of equipment (11.2.7)
    ISO 27001:2013
  • Management of removable media (8.3.1)
    ISO 27001:2013

Related ISA/IEC 62443 Controls

Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

  • Ensure appropriate records control (4.3.4.4.4)
    ISA/IEC 62443-2-1:2009
  • Information persistence (SR 4.2)
    ISA/IEC 62443-3-3:2013

CSF Mapped to the NCSC CAF

Cyber Assessment Framework mappings generated from UK Cabinet Office data.

Control ID Name Description
A3.a Asset Management Everything required to deliver, maintain or support networks and information systems necessary for the operation of essential functions is determined and understood. This includes data, people and systems, as well as any supporting infrastructure (such as power or cooling).
B3.a Understanding Data You have a good understanding of data important to the operation of the essential function, where it is stored, where it travels and how unavailability or unauthorised access, modification or deletion would adversely impact the essential function. This also applies to third parties storing or accessing data important to the operation of essential functions.
B3.e Media Equipment Sanitisation You appropriately sanitise media and equipment holding data important to the operation of the essential function.
B3.d Mobile Data You have protected data important to the operation of the essential function on mobile devices.