Controls

Terug naar overzicht
Version

SB.6.003 Remote Wipe of Organizational Data

Data Protection
Medium
nvt
nvt
System Owner
v2.0 (Q1 2024)

Description

It is possible for organisational data to be deleted from devices remotely by a device management system, if they actively make a connection or based on an interval without any connection.

Encrypted data to which the keys are made unrecoverable complies with this standard.

Specification

Deletion of data follows NIST Guidelines for Media Sanitization for the level ‘Clear’ or higher: https://csrc.nist.gov/publications/detail/sp/800-88/rev-1/final

Example: https://www.umsystem.edu/ums/is/infosec/data-disposal

The recommended period to wipe data after devices have not made a connection should be set taking into account common use-cases, such as employees who regularly spend longer periods without a connection. Employees should be made aware of these restrictions on managed devices on a regular basis.