SA-19(3) — Component Disposal

Dispose of system components securely to prevent data leakage and ensure that decommissioned equipment cannot be repurposed to attack your organization.

Example 1: Sanitize storage media before disposal using NIST SP 800-88 guidelines: clear for low-sensitivity media, purge for moderate, and destroy for high-sensitivity. Document the sanitization method, date, and personnel who performed it. Keep sanitization certificates for your records.

Example 2: For equipment that cannot be adequately sanitized (like SSDs with wear leveling that prevents complete data erasure), physically destroy the component using an approved method: shredding, degaussing (for magnetic media), or incineration. Use a certified destruction vendor and obtain a certificate of destruction for each batch.