WithPCI Logo
WithPCI.com

9.4.7 Electronic media with cardholder data is destroyed when no longer needed for business or legal reasons via one of the following:

Original requirement from PCI DSS v4.0.1

Defined Approach Requirements

9.4.7 Electronic media with cardholder data is destroyed when no longer needed for business or legal reasons via one of the following:

  • The electronic media is destroyed.
  • The cardholder data is rendered unrecoverable so that it cannot be reconstructed.

Defined Approach Testing Procedures

9.4.7.a Examine the media destruction policy to verify that procedures are defined to destroy electronic media when no longer needed for business or legal reasons in accordance with all elements specified in this requirement.

9.4.7.b Observe the media destruction process and interview responsible personnel to verify that electronic media with cardholder data is destroyed via one of the methods specified in this requirement.

Customized Approach Objective

Cardholder data cannot be recovered from media that has been erased or destroyed.

Applicability Notes

These requirements for media destruction when that media is no longer needed for business or legal reasons are separate and distinct from PCI DSS Requirement 3.2.1, which is for securely deleting cardholder data when no longer needed per the entity's cardholder data retention policies.

Purpose

If steps are not taken to destroy information contained on electronic media when no longer needed, malicious individuals may retrieve information from the disposed media, leading to a data compromise. For example, malicious individuals may use a technique known as "dumpster diving," where they search through trashcans and recycle bins looking for information they can use to launch an attack.

Good Practice

The deletion function in most operating systems allows deleted data to be recovered, so instead, a dedicated secure deletion function or application should be used to make data unrecoverable.

Examples

Methods for securely destroying electronic media include secure wiping in accordance with industry-accepted standards for secure deletion, degaussing, or physical destruction (such as grinding or shredding hard disks).

Further Information

See NIST Special Publication 800-88, Revision 1: Guidelines for Media Sanitization

purpose

Verify destruction of media is performed and documented.

compliance strategies

  • Witness destruction
  • Retain destruction certificates

typical policies

  • Destruction Verification Procedures

common pitfalls

  • No verification process
  • Missing certificates

type

Process Control

difficulty

Low

key risks

  • Unverified destruction may lead to data breach

recommendations

  • Require dual sign-off for destruction

Eligible SAQ

  • SAQ-D MERCHANT
  • SAQ-D SERVICE PROVIDER

Your perspective on this PCI DSS requirement matters! Share your implementation experiences, challenges, or questions below. Your insights help other organizations improve their compliance journey and build a stronger security community.Comment Policy