NIST SP Rev. 1. Guidelines for Media Sanitization. Executive Summary. The modern storage environment is rapidly evolving. Data . DRAFT Special Publication Revision 1, Guidelines for chuntistsicentcha.cf chuntistsicentcha.cf# Superseded By: SP Rev. 1 Supersedes: SP (August ) Kissel (NIST), Matthew Scholl (NIST), Steven Skolochenko (NIST), Xing Li (NIST) .
|Language:||English, Spanish, Portuguese|
|Distribution:||Free* [*Registration needed]|
Supersedes: SP (September ). Author(s). Richard Kissel (NIST), Andrew Regenscheid (NIST), Matthew Scholl (NIST), Kevin Stine (NIST). In December , the guidelines were revised, making the current version “ NIST Special Publication Rev. 1” (“NIST SP INTRO REVISION 1: Issued in , NIST Special Publication has become the defacto guideline for electronic media sanitization. The original 43 page.
Its principles can apply to magnetic, flash-based, and other storage technologies, from USB drives to servers. In fact, the guidelines are not intended to be technology specific. Instead, the guidelines and workflows this document outlines are intended to apply universally to various media types, including those that may not have yet been invented.
Originally published for government use, NIST has become widely adopted in private industry as the best way to ensure that data is removed from media once that data moves from a more secure to a less secure setting. For that reason, NIST principles come into play whether a media asset is moving from a high level of confidential protection in one department to another, less secure department within the same organization, or whether that device is destined to leave the organization entirely.
This latest update continues to be one of the most widely used data sanitization standards requested or required by the U. DoD Private businesses and organizations within the U. This blog article will provide you with a quick summary of what NIST media sanitization means. It will also provide an overview of how NIST works to prevent unauthorized access to confidential or sensitive business and personal data.
What is Media Sanitization? The authors also emphasize that this process must consider end-of-life sanitization from the very beginning of data storage planning.
That means assessing media and workflows implemented at the early stages of building an information system. NIST sanitization workflow considerations continue through recycling, transferring or permanently retiring media at device or data end-of-life.
There are also many points of vulnerability in between where data could be inappropriately accessed. These can include times of infrastructure maintenance or third-party involvement. At each of these points, the NIST Guidelines point out that it is the confidentiality needs of the data that will drive sanitization decisions, not the media type itself.
Essentially, NIST advocates that users determine what sanitization method to use by: understanding and categorizing the information according to confidentiality levels assessing the nature of the storage medium weighing the risk to confidentiality, and determining how the media is to be used in the future That is, will it be reused within the organization?
Shredded or otherwise rendered unusable?
Once these determinations have been made, the organization can choose what type of sanitization method is most appropriate given any other considerations cost, environmental impact, technology and technical skills available, etc. Ultimately, the goal is to choose a data sanitization solution that most lessens the risk to confidentiality while respecting any other constraints involved. A common data protection vulnerability happens when devices change hands without the original data being adequately removed from the device.
All too often, confidential data moves from a highly protected data storage environment to a much less protected one, simply because operators believe, but have not verified, that data has been sufficiently eradicated. As a result, parties attempting to obtain sensitive information may seek to focus their efforts on alternative access means such as retrieving residual data on media that has left an organization without sufficient sanitization….
Consequently, the application of effective sanitization techniques and tracking of storage media are critical aspects of ensuring that sensitive data is effectively protected by an organization against unauthorized disclosure. Protection of information is paramount.
Traditionally, several other methods have been used to protect against unauthorized access to information stored on old or retired data storage media. As a result, existing degaussers may not have sufficient force to effectively degauss such media.
Dedicated sanitize commands support addressing these areas more effectively.
The use of such commands results in a tradeoff because although they should more thoroughly address all areas of the media, using these commands also requires trust and assurance from the vendor that the commands have been implemented as expected. Shredding—or other physically destructive methods that cut the drive into small pieces—is becoming increasingly challenging.
While this can still be a fully acceptable method if the shred size is small enough, increasingly dense chips are actually damaging conventional shredders see page 7 of the Guidelines.
And, of course, any physical destruction method also means that the device being destroyed is completely unusable, resulting in both environmental and cost impacts. Clear applies logical techniques to sanitize data in all user-addressable storage locations.
This protects against simple, non-invasive data recovery techniques and provides a moderate level of data protection. This can include rewriting with a new value or using a menu option to reset the device to the factory state when rewriting is not supported. The data is then overwritten and verified.
Most devices support some level of Clear sanitization. It does not, however, address hidden or unaddressable areas. Purge applies physical or logical techniques that render target data recovery infeasible using state-of-the-art laboratory techniques.
Purge provides a more thorough level of sanitization than Clear and is used for more confidential data. To select the right method of data destruction it is important to consider a number of things; Where does the data carrier go and what security classification does the information have on the data carrier?
A data carrier with low risk information that stays within the organization can be handled differently than a carrier with sensitive information leaving the organization. A more practical example of a data security policy and classification in risks can be found on the Stanford University website. Hard disk drive sanitization To ensure that no data fragments remain on a hard disk when reused, appropriate measures must be taken.
Simply formatting a hard drive is not sufficient to permanently delete all data. There are a large number of different Erase standards, such as the DoD To ensure that all data has been permanently removed, our Erasers offer the following safe erase methods: - DoD Erase This method complies with the security specification Department of Defense. The In addition, the overwrite patterns can be adjusted and a random pattern can be used to improve data security. This makes it possible to simultaneously overwrite up to a hunderd drives.
The reason for this lies in the way in which flash memory is controlled. As a result, when a file is overwritten, the information always enters a different location in the physical memory.
There for it may be concluded that traditional overwriting does not work with flash media.