Episode 53 — A.7.13–7.14 — Equipment maintenance; Secure disposal/re-use

A.7.13 mandates that equipment be maintained correctly to ensure availability, integrity, and safety, with maintenance scheduled, authorized, and recorded. For exam preparation, distinguish preventive maintenance (vendor-recommended service intervals, firmware updates, filter replacements) from corrective maintenance after faults, and remember access controls for maintainers—identity verification, escorting, and least privilege on consoles. Maintenance windows should be risk-assessed, include backout plans, and protect data through backups and change documentation. Candidates should connect maintenance to configuration management: changes to firmware or components must update inventories and baselines so that security monitoring remains accurate, and logs should reflect who performed what, when, and with which parts or images.

A.7.14 governs secure disposal and re-use of equipment and media, ensuring that residual data and configurations cannot be recovered or misused. Approved sanitization methods—cryptographic erase for self-encrypting drives, multi-pass overwrite where applicable, or physical destruction—must be selected based on media type and data classification. Organizations should sanitize before repair, return, sale, or redeployment, and maintain certificates of destruction or erasure reports as evidence. Pitfalls include relying on factory resets that leave data, skipping sanitization for “non-storage” devices with hidden memory (printers, network gear, IoT), and outsourcing disposal without auditing the provider’s process. Mature programs tag assets with disposition states, require dual-person verification for destruction, and random-sample devices post-sanitization. Candidates should be prepared to describe end-to-end lifecycle controls—from maintenance benches with access restrictions to disposal vaults—and how records prove that operational efficiency never overrides the obligation to render sensitive data irretrievable. Produced by BareMetalCyber.com, where you’ll find more cyber audio courses, books, and information to strengthen your educational path. Also, if you want to stay up to date with the latest news, visit DailyCyber.News for a newsletter you can use, and a daily podcast you can commute with.