ID.AM-08:

Implementation Examples

Ex1: 

Integrate cybersecurity considerations throughout the life cycles of systems, hardware, software, and services

Ex2: 

Integrate cybersecurity considerations into product life cycles

Ex3: 

Identify unofficial uses of technology to meet mission objectives (i.e., shadow IT)

Ex4: 

Periodically identify redundant systems, hardware, software, and services that unnecessarily increase the organization's attack surface

Ex5: 

Properly configure and secure systems, hardware, software, and services prior to their deployment in production

Ex6: 

Update inventories when systems, hardware, software, and services are moved or transferred within the organization

Ex7:

Securely destroy stored data based on the organization's data retention policy using the prescribed destruction method, and keep and manage a record of the destructions

Ex8: 

Securely sanitize data storage when hardware is being retired, decommissioned, reassigned, or sent for repairs or replacement

Ex9:

Offer methods for destroying paper, storage media, and other physical forms of data storage