Data, documentation, tools, or system components can be disposed of at any time during the system development life cycle. Opportunities for compromise during disposal affect physical and logical data, including system documentation in paper-based or digital files; shipping and delivery documentation; memory sticks with software code; or complete routers or servers that include permanent media, which contain sensitive or proprietary information.

• This control applies to the Information Resource Owner or designee.

• 1

  The Information Resource Owner or designee is responsible to dispose of data, documentation, tools, or system components using techniques and methods described in Security Control MP-6 Media Sanitization.