Zoran's Blog: Guidelines for Media Sanitisation

Download Your Free Guide to Learn More About Data Erasure!

The most up-to-date standard for data sanitisation is NIST 800-88. Created by the US National Institute of Standards and Technology, and sponsored by the Department of Homeland Security, NIST 800-88:
http://csrc.nist.gov/publications/drafts/800-88-rev1/sp800_88_r1_draft.pdf

The older US Department of Defense sanitizing standard DoD 5220.22-M recommends the approach "Overwrite all addressable locations with a character, its complement, then a random character and verify".
http://www.oregon.gov/DAS/OP/docs/policy/state/107-009-005_Exhibit_B.pdf

The Australian Government Information Security Manual (ISM) states (on p144):
http://www.asd.gov.au/publications/Information_Security_Manual_2014_Controls.pdf
Non–volatile magnetic media sanitisation: "Overwriting the media at least once in its entirety with a random pattern followed by a read back for verification."
Non–volatile flash memory media sanitisation: "Volatile flash memory media by overwriting the media at least twice in its entirety with a random pattern, followed by a read back for verification."

Yet, it may be overly paranoid to overwrite the data on magnetic media:
http://grot.com/wordpress/?p=154

Zoran's Blog

Saturday, 7 June 2014

Guidelines for Media Sanitisation

No comments:

Post a Comment