CMMC Dumpster Diving

What is dumpster diving and how does it relate to the Cybersecurity Maturity Model Certification (CMMC)?

In the world of cybersecurity, dumpster diving is a technique used to get information that could be used to carry out a cyberattack by searching for useful information in the trash. This can include passwords written on paper, important documentation that can provide information on IT systems, PII, or any other confidential information.


How can companies protect against dumpster diving?

Companies that dispose of information via the trash/dumpster have multiple ways to protect against dumpster diving. One way to protect against dumpster diving is to ensure their garbage is secured behind a fence and lock. Another way to protect against dumpster diving is shredding every bit of information put in the trash. This includes shredding paper, microfilm, and even digital storage devices such as hard drives. Labelling sensitive documents as "confidential" can let employees know that these documents need to be shredded prior to disposal. Another technique is to try and go paperless. It is much easier to track and secure electronic documents than it is to secure paper documents.

How do government agencies protect against dumpster diving?

Government agencies will simply tend to shred and burn any material so that there's no possible way to reconstruct it.
Shredding paper properly is critical; this image demonstrates the results of various shredding methods.

How to provide cybersecurity training in relation to dumpster diving?

Employees need to be trained to use company shredders and to properly label sensitive documents. This will reduce the chance of them throwing away sensitive documents.

How does dumpster diving relate to CMMC?

CMMC practices related to encryption appear in the media protection security domain. Companies are required to "sanitize or destroy information system media containing federal contract information or controlled unclassified information before disposal or release for reuse." We have a comprehensive article on how to properly achieve this here: https://www.lakeridge.us/destroying-digital-and-non-digital-media.
If you would like more information on CMMC related requirements feel free to reach out to us at info@lakeridge.us.
 
