CMMC Dumpster Diving

What is Dumpster Diving and how does it relate to the cybersecurity maturity model certification (CMMC)?

In the world of cybersecurity, dumpster diving is a technique used to get information that could be used to carry out a cyberattack by searching for useful information in the trash. This can include passwords written on paper, important documentation that can provide information on IT systems, PII, or any other confidential information.

Join our newsletter:

How can companies protect against dumpster diving?

Companies that dispose of information via the trash/dumpster have multiple ways to protect against dumpster diving. One way to protect against dumpster diving is to ensure their garbage is secured behind a fence and lock. Another way to protect against dumpster diving is shredding every bit of information put in the trash. This includes shredding paper, microfilm, and even digital storage devices such as hard drives. Labelling sensitive documents as "confidential" can let employees know that these documents need to be shredded prior to disposal. Another technique is to try and go paperless. It is much easier to track and secure electronic documents than it is to secure paper documents.

How do government agencies protect against dumpster diving?

Government agencies will simply tend to shred and burn any material so that there’s no possible way to reconstruct them.
Shredding paper properly is critical, this image demonstrates the results of various shredding methods.

How to provide cybersecurity training in relation to dumpster diving?

Employees need to be trained to use company shredders and to properly label sensitive documents. This will reduce the chance of them throwing away sensitive documents.

How does dumpster diving relate to CMMC?

CMMC practices related to encryption appear in the media protection security domain. Companies are required to "sanitize or destroy information system media containing federal contract information or controlled unclassified information before disposal or release for reuse.". We have a comprehensive article on how to properly achieve this here https://www.cubcyber.com/destroying-digital-and-non-digital-media.
If you would like more information on CMMC related requirements feel free to reach out to us at info@cubcyber.com.
 

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:

 /assets/images/app/complaince_accelerator.gif

Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.
 /assets/images/app/quantum_accelerator.gif

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.
 /assets/images/app/supply_chain_verifier.gif

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.