MP-6(4) — Controlled Unclassified Information

Media containing Controlled Unclassified Information (CUI) must be sanitized according to NIST SP 800-88 guidelines before disposal or reuse. CUI requires at least the Clear sanitization level for reuse and Purge or Destroy for disposal.

Example 1: Follow NIST SP 800-88 Rev 1 guidelines: for magnetic media containing CUI, perform a Clear (overwrite) for internal reuse or a Purge (degauss) for release outside the organization. For disposal, physically destroy the media using a shredder or disintegrator.

Example 2: Create a CUI Media Disposition checklist specific to your organization. Map each media type (HDD, SSD, USB, paper) to the required sanitization method. Include this checklist in your media protection procedures and train all IT staff on its use.