NIST SP 800-171 & CMMC 2.0 Control 3.7.3 Requirement:

Ensure equipment removed for off-site maintenance is sanitized of any “Controlled Unclassified Information” (CUI).

NIST SP 800-171 & CMMC 2.0 3.7.3 Requirement Explanation:

When you send a hard drive off-site either individually or within a system such as a laptop you can no longer protect it. Encryption does provide protection however it can still be cracked. By wiping the drive you avoid this risk.

Example NIST SP 800-171 & CMMC 2.0 3.7.3 Implementation:

Before you send a device containing a hard drive or any other storage media to a vendor or other party for maintenance you need to either remove or wipe the drive. Even if the drive is encrypted you need to wipe it. You should use the DoD 5220.22-M method to wipe the drive.

NIST SP 800-171 & CMMC 2.0 3.7.3 Scenario(s):

- Scenario 1:

A user has reported that their laptop is constantly crashing. You troubleshoot the issue but are unable to resolve it. You contact the laptop manufacturer. The manufacturer instructs you to ship the laptop to the manufacturer for a motherboard replacement. Before sending the laptop you backup the hard drive and then wipe the data on it using the DoD 5220.22-M method.

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:


Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.