Apply industry accepted methods for the secure disposal of data from storage media such that data is not recoverable by any forensic means.
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| DSP-02 | Secure Disposal | mitigates | T1052 | Exfiltration Over Physical Medium |
Comments
Adversaries may attempt to exfiltrate data via a physical medium, such as removable drives. This control ensures that storage media is securely and irreversibly sanitized using industry‑accepted methods to prevent data recovery, thereby mitigating attacker techniques such as data remanence exploitation, forensic recovery, and unauthorized access to residual sensitive information from discarded or repurposed devices.
|
| DSP-02 | Secure Disposal | mitigates | T1091 | Replication Through Removable Media |
Comments
Adversaries may may attempt to connect and distribute malware via removable storage. In initial access, this may occur through manual manipulation of the media, modification of systems used to initially format the media, or modification to the media's firmware itself. This control ensures that storage media is securely and irreversibly sanitized using industry‑accepted methods to prevent data recovery, thereby mitigating attacker techniques such as data remanence exploitation, forensic recovery, and unauthorized access to residual sensitive information from discarded or repurposed devices.
|