Domain 2 of 8 · Chapter 2 of 6

Asset Handling

Unlock the complete study guide + 1,040 practice questions across 16 full exams.

Bundled into the existing Certified Information Systems Security Professional premium course — no separate purchase.

Included in this chapter:

  • Handling is classification turned into operating rules
  • Storage, transport, and the destruction decision
  • Exam-pattern recognition

Security marking vs. security labeling (NIST SP 800-53 distinction)

DimensionSecurity markingSecurity labeling
FormHuman-readable (header, cover sheet, watermark, cartridge tape)Part of the object's data structure (metadata tag, sensitivity attribute)
AudiencePeople who handle the assetSystems that mediate access to the asset
EnforcementManual: a handler reads it and applies the ruleAutomated: a system parses it for access decisions (e.g., mandatory access control)
Typical useDocuments, removable media, printed outputFiles, records, objects under access-control mediation
Fails whenHandler ignores or never sees the markLabel is stripped, spoofed, or not bound to the object

Decision tree

Applying a designation, ordisposing of the asset?DesignationDisposalEnforced by a person,or by a system?PersonSystemMarkingLabelingReusing media, and stayingin organizational control?No reuseDestroyLeaves controlPurgeReuse, in-houseClearAlways: confidentiality picks thecategory, then validate and document

Cheat sheet

  • Handling rules are derived from the classification level, never set per-asset
  • Handling standards must get stricter as classification rises
  • A security marking is human-readable; a person reads it and applies the rule
  • A security label is part of the object's data structure; a system enforces it
  • Pick marking when a person enforces, labeling when a system enforces
  • The sanitization category is chosen by data confidentiality first, media type second
  • Clear resists simple recovery; the media stays reusable
  • Purge resists laboratory recovery, yet keeps the media usable
  • Destroy resists lab recovery AND renders the media itself unusable
  • Media leaving organizational control is the moment that escalates everything
  • Media moving outside a controlled area needs a controlled transport path
  • Storage protection rises by classification tier
  • Sanitization is incomplete until you validate and document it
  • Map the MP control family to the handling actions it governs
  • Cryptographic erase sanitizes the key, not the ciphertext-bearing media
  • Mixed-classification media and documents take the HIGHEST level present

Unlock with Premium — includes all practice exams and the complete study guide.

Also tested in

References

  1. NIST glossary: security marking (SP 800-53 Rev. 5) Whitepaper
  2. NIST glossary: security label (CNSSI 4009-2015 / SP 800-53 Rev. 5) Whitepaper
  3. NIST SP 800-53 Rev. 5 control catalog: Media Protection (MP) family Whitepaper
  4. NIST SP 800-88 Rev. 1: Guidelines for Media Sanitization Whitepaper