Standards to be complied with in erasing disks
Various standards have been established for disk erasing since the 1990s,
centered on the national institutions of the United States. However, due to the
recent increase in disk capacity and the spread of memory media such as SSDs,
the methods required for erasing have changed significantly.
"Green
Pepper PRO" complies with "US Army Information Systems Security AR380-19"(Feb.
1998) for 3 writings and "US Secretary of Defense DoD5220.22-M Supplement
1"(Feb. 1995) for 4 writings + verification. However, these standards are
obsolete and are moving in recent years to the National Institute of Standards
and Technology (NIST SP 800-88 Rev1) (December 2014), which was revised in
December 2014. NIST 800-88 does not simply define the writing pattern for
erasing, but also mentions how to determine how to dispose of it, and how to
handle each individual medium such as HDD and SSD. It is recommended that
the person in charge of erasing read it.
US Army AR380-19 standards
US Army Information Systems Security (AR380-19) 27-Feb-98
Overwrite 3 times
Appendix F Clearing, Sanitizing, and Releasing Computer Components
Overwrite all locations three times (first with random character, second time
with a specified character, third time with the compliment of the specified
character. US Secretary of Defense
DoD5220.22-M standards
Secretary of Defense DoD5220.22-M Supplement 1 Feb-95
Overwrite 3 times and verify
Overwrite all locations with a character, its complement, then with a random
character. Verify that all sectors have been overwritten and that no new bad
sectors have occurred.
In the subsequent revised editions, the erasure method is left to the CSA, and
there is no mention of the specific method.
CSA: Cognizant Security
Agency. These agencies include the Department of Defense (DoD), Department of
Energy (DOE), Central Intelligence Agency (CIA), and Nuclear Regulatory
Commission (NRC).
DoD5220.22-M Feb-2006 Clearing and Sanitization.
Instructions on clearing, sanitization and release of IS(Information system)
media shall be issued by the accrediting CSA.
DoD5220.22-M
Incorporating Change 1 ,Mar-2013 Clearing and Sanitization.
Instructions on clearing, sanitization and release of IS media shall be issued
by the accrediting CSA.
DoD5220.22-M Incorporating Change 2
,May-2016 Sanitize or destroy ISs media before disposal or release
for reuse in accordance with procedures established by the CSA.
Only in
the following unofficial revisions, you can see the description of the deletion
method as an informal comment.
DoD 5220.22-M Incorporating
Change 1 with inline ISLs Compiled May 2, 2014 Non-Removable Rigid
Disk: Overwrite all addressable locations with a single character.
NIST SP 800-88 standards
NIST: National Institute of Standards and Technology
NIST Special Publication 800-88 Guidelines for Media Sanitization
(NIST SP 800-88) September, 2006
Drives after 2001, Overwriting once is adequate
That is, for ATA disk drives manufactured after 2001 (over 15 GB) clearing by
overwriting the media once is adequate to protect the media from both keyboard
and laboratory attack.
4 types of sanitization
Disposal, Clearing, Purging, Destroying
Decide on the appropriate type of sanitization. The selected type should be
assessed as to cost, environmental impact, etc.,
Determining what type of sanitization
Make decisions by considering factors such as the importance of security, reuse,
or leaving your organization's control. In addition, it is necessary to confirm
the process and document it.
Media Sanitization Decision Matrix
Media Type
|
Clear
|
Purge
|
Physical Destruction
|
Floppies |
Overwriting
|
Degauss |
incinerate, shred |
ATA Hard Drives |
Overwriting |
Secure Erase
Degauss |
disintegrate, shred, pulverize, incinerate |
Other (SCSI,SAS)
Hard Drives |
Overwriting |
Degauss |
disintegrate, shred, pulverize, incinerate |
Compact Flash Drives, SD |
Overwriting |
Physical Destruction |
disintegrate, shred, pulverize, incinerate |
USB Removable Media |
Overwriting |
Clear |
disintegrate, shred, pulverize, incinerate |
|
NIST Special Publication 800-88 Guidelines for Media Sanitization
(NIST SP 800-88) Revision 1 December, 2014
For magnetic media, a single overwrite hinders
recovery of data
For storage devices containing magnetic media, a single overwrite pass with a
fixed pattern such as binary zeros typically hinders recovery of data even if
state of the art laboratory techniques are applied to attempt to retrieve the
data. One major drawback of relying solely upon the native Read and Write
interface for performing the overwrite procedure is that areas not currently
mapped to active Logical Block Addressing (LBA) addresses (e.g., defect areas
and currently unallocated space) are not addressed.
3 actions that can be taken to sanitize media
Clear: applies logical techniques to sanitize data in all
user-addressable storage locations for protection against simple non-invasive
data recovery techniques Purge: applies physical or
logical techniques that render Target Data recovery infeasible using state of
the art laboratory techniques. Destroy: renders Target
Data recovery infeasible using state of the art laboratory techniques and
results in the subsequent inability to use the media for storage of data.
Making decisions of disposition
Make decisions by considering factors such as the importance of security,
reuse, or leaving your organization's control. In addition, it is necessary to
confirm the process and document it.
Processing method in each media
media
|
Clear
|
Purge
|
Physical Destruction
|
Floppies |
Overwrite all accessible
area at least a single write pass with a fixed data value. |
Degauss |
incinerate, shred |
ATA(PATA,SATA)
Fixed Magnetic Disks |
Overwrite all accessible
area at least a single write pass with a fixed data value.
Verification must performed, should cover at least 10% of
the media. |
Execute SANITIZE.
(OVERWRITE,CRYPTO_SCRAMBLE)
Execute SECURE_ERASE.
(SANITIZE commands are preferred)
Verification must
performed, should cover at least 10% of the media.
or
Degauss |
disintegrate, shred,
pulverize, incinerate |
ATA(PATA,SATA)
SSD |
Overwrite all accessible
area at least a single write pass with a fixed data value.
Execute SECURE_ERASE.
Verification must performed,
should cover at least 10% of the media.
|
Execute SANITIZE.
(OVERWRITE,CRYPTO_SCRAMBLE)
Verification must
performed, should cover at least 10% of the media.
|
disintegrate, shred,
pulverize, incinerate |
SCSI
(SCSI,SAS) Fixed Magnetic Disks |
Overwrite all accessible
area at least a single write pass with a fixed data value.
Verification must performed, should cover at least 10% of
the media. |
Execute SCSI SANITIZE.
(OVER WRITE, CRYPTOGRAPHIC ERASE)
Verification must
performed, should cover at least 10% of the media.
or
Degauss |
disintegrate, shred,
pulverize, incinerate |
NVMe (SSD) |
Overwrite all accessible
area at least a single write pass with a fixed data value.
Verification must performed, should cover at least 10% of
the media. |
Execute NVMe FORMAT (User
Data Erase, Cryptographic erase)
Verification must
performed, should cover at least 10% of the media. |
disintegrate, shred,
pulverize, incinerate |
Memory Cards
(SD, MMC, etc.) |
Overwrite all accessible
area at least a single write pass with a fixed data value. |
N/A |
disintegrate, shred,
pulverize, incinerate |
USB Removable
Media |
Overwrite all accessible
area at least a single write pass with a fixed data value. |
Execute SANITIZE (if
supported) |
disintegrate, shred,
pulverize, incinerate |
|
|