In a CMMC Level 2 assessment, media sanitization control 3.8.3 is binary in a way most controls aren't: the serialized disposition record either exists, or it doesn't. There's no configuration to re-check and nothing to coach into place during the assessment.
The team examines the policy and certificates, interviews the disposition owner, and tests by tracing a sampled serial from its inventory retirement entry to its destruction record. When that evidence already exists — a certificate naming the device by serial, citing the NIST 800-88 method by media type, backed by chain of custody and a downstream qualified through R2v3 and NAID AAA — the objective resolves in minutes.
"We use a recycler" answers the logistics question, not the evidence question. CyberCrunch produces serialized, sampleable disposition evidence by default — so 3.8.3 is a clean MET on the first pass, not a follow-up request.
Serialized NIST 800-88 destruction, documented chain of custody, qualified downstream — the evidence set that resolves 3.8.3 in the room.