Remove the data, remove the risk! Securely & Permanently Erase Hard Drives With WipeDrive Enterprise.

Share on facebook
Share on twitter
Share on linkedin
cmmc

Media Sanitization Requirements for CMMC

WipeDrive provides all U.S. Defense Contractors with low-cost data sanitization tools to meet CMMC requirements.

The new CMMC framework for U.S. Defense Contractors modernizes the protection of data and media sanitization requirements.

Previously, the protection of data was the responsibility of an organization through self-assessment. This method led to errors in the self-assessed safety of data in the hands of U.S. Defense Contractors and other organizations. Some of these errors caused data breaches and other significant data losses (1). The Cybersecurity Maturity Model Certification framework was designed and implemented in 2019 to provide a new methodology for the control and access of data(2).

When a DoD contractor is compliant with CMMC it confirms the organization’s ability to protect CUI (Classified Uncontrolled Information) and FCI (Federal Contract Information). To reach compliance DoD contractors must work with a third-party assessor that evaluates a contractor’s capabilities across five levels over various domains. FCI sanitization is required in all fie levels of the Media Protection domain. CUI data sanitization is required at the three advanced levels of the Asset Management and Maintenance domains. The DoD contractor is then graded on the results of their performance in these domains.

On November 4, 2021, the DoD announced the release of CMMC 2.0 with streamlined requirements WipeDrive has been found in compliance with all the CMMC’s media sanitization requirements. The following table provides the CMMC requirements and a description of how WipeDrive aids U.S. Defense Contractors in meeting these requirements.

CMC Requirement:
Level 1 Basic Cyber Hygiene – Domain: Media Protection (MP) – Practice: MP.1.118: Sanitize or destroy information system media containing Federal Contract Information before disposal or release for reuse.
WipeDrive Compliance:
WipeDrive’s certified erasure software ensures the complete sanitization of any digital media storage device. WipeDrive is compliant to NIST SP 800-88 media sanitization guidelines and can be deployed on workstations (PC/Mac), servers, loose drives, VMs, mobile devices (Android/iOS) and flash media.

WipeDrive provides a certification of erasure for each storage device. These reports are auditable, tamper-proof, hash-encrypted, and meet CMMC media sanitization requirements.

CMC Requirement:
Level 3 Good Cyber Hygiene – Domain: Asset Management (AM) – Practice: AM.3.036: Define procedures for the handling of CUI data.

“The organization should define procedures for the proper handling of CUI. These procedures typically involve establishing controls to protect and sustain sensitive information. Examples of controls an organization may implement through data handling procedures include policies (data categorization, protection, disposal, backup), access controls for data, regular backups and physical security protections.”

WipeDrive Compliance:
Data storage devices that store CUI must be properly disposed of to meet NIST SP 800-88 requirements. WipeDrive provides secure erasure of these devices at any contractor location. This includes phones, tablets, flash media and any other storage device.

Auditable reports are created for each drive and the WipeDrive API allows these reports to be stored into a contractor’s ERP (enterprise resource planning) system for future audits.

CMC Requirement:
Level 3 Good Cyber Hygiene – Domain: Maintenance (MA) – Practice: MA.3.115: Ensure equipment removed for off-site maintenance is sanitized of any CUI.
WipeDrive Compliance:
Prior to equipment being removed from a contractor’s location, WipeDrive can be deployed on any device from command line, remote access, USB, PXE network and many other deployments. WipeDrive complies with the CMMC requirement by overwriting with a fixed pattern of binary zeros and provides a purge level (secure erase) as well. The purge level is required for SSD’s and flash media that have different storage mechanisms that cannot be accessed without implementing NIST Clear or Purge commands.

WipeDrive securely erases these devices effortlessly and quickly, allowing the DoD Contractor to quickly move through their project.

For more information on how WipeDrive can help you’re Department of Defense contractor meet CMMC data sanitization requirements, please contact our Sales Team for a demo at 801.224.8900

Share on facebook
Share on twitter
Share on linkedin