Certified Cybersecurity Maturity Model Certification (CMMC) Professional (CCP) Practice Exam

What must be sanitized or destroyed before media disposal or reuse?

• A. Outdated software
• B. Information system media containing Federal Contract Information
• C. Temporary files
• D. User-generated content

The correct answer is: Information system media containing Federal Contract Information

The requirement for sanitizing or destroying media before disposal or reuse primarily pertains to information system media that contains sensitive data, such as Federal Contract Information (FCI). FCI refers to any information provided by or generated for the government under a contract and is subject to specific security controls to protect its confidentiality and integrity. Sanitizing or destroying this type of information is critical because if sensitive data is not properly handled, it could be inadvertently accessed or retrieved by unauthorized individuals, which could lead to data breaches, loss of trust, or other security incidents. The CMMC framework emphasizes the importance of protecting sensitive information throughout its lifecycle, which includes the necessary precautionary measures before disposing of or reusing media that may still hold valuable and classified information. Other options, while they may deal with data management or security in some capacity, do not pertain to the requirement for sanitization or destruction at the media disposition stage as the FCI does. Thus, the correct focus on Federal Contract Information highlights its critical nature in maintaining national security and compliance with CMMC standards.