What is Dumpster Diving and how does it relate to the cybersecurity maturity model certification (CMMC)?

Companies that dispose of information via the trash/dumpster have multiple ways to protect against dumpster diving. One way to protect against dumpster diving is to ensure their garbage is secured behind a fence and lock. Another way to protect against dumpster diving is shredding every bit of information put in the trash. This includes shredding paper, microfilm, and even digital storage devices such as hard drives. Labelling sensitive documents as "confidential" can let employees know that these documents need to be shredded prior to disposal. Another technique is to try and go paperless. It is much easier to track and secure electronic documents than it is to secure paper documents.

Government agencies will simply tend to shred and burn any material so that there’s no possible way to reconstruct them.

Employees need to be trained to use company shredders and to properly label sensitive documents. This will reduce the chance of them throwing away sensitive documents.

CMMC practices related to encryption appear in the media protection security domain. Companies are required to "sanitize or destroy information system media containing federal contract information or controlled unclassified information before disposal or release for reuse.". We have a comprehensive article on how to properly achieve this here https://www.lakeridge.io/destroying-digital-and-non-digital-media.

If you would like more information on CMMC related requirements feel free to reach out to us at info@lakeridge.io.