☆ Governing regulations:
-- Data/Information privacy includes the regulations required for companies to protect data
* GDPR (General Data Protection Regulation) since May 2018, HIPAA (Health Information Privacy and
Portability Act), GLBA (Gramm-Leach-Bliley Act), CCPA (California Consumer Privacy Act) (1st January 2020)
* The efficient and effective management of information from inception through disposition is the responsibility
of all those who have handled the data
☆ Data Sanitization:
All organizations handling data are responsible for effectively sanitizing media, as there is substantial potential for
sensitive data to be collected and retained on the media
☆ Data Sanitization Standards:
NIST 800-88, DoD 5220.22-M ECE, CESG CPA – Higher Level, HMG Infosec Standard 5, Higher Standard
From NIST standard 800-88 r1 :
Page 24: It is still possible to recover data from a drilled hole, as the data is still accessible if recovered by advanced laboratory techniques
Page 32.33 : Overwriting is identified as “Clear” in NIST spec without any risk or concern that the data can be identified / documented again
From NISPOM DoD :
This document applies to all government organizations, DoD agencies, organizations, and contractors participating in the administration or performance of DoD SAPs
DoD 3 (3-Pass) 8-5-3: It is mandatory to overwrite three times to clean magnetic disks
From DoD 5220.22 – M Clearing and Sanitization Matrix (supplement of DOD NISPOM):
Data Eradication Methods: Overwriting all areas (in each rewrite) with a single character is necessary
From DoD 5220.22 – M (ECE) [supplement of DOD NISPOM] :
This method is an extended variant of the DoD 5220.22-M. This variant of the DoD Standard uses overwriting of the data for seven runs. Here the data is overwritten two times by using the DoD 5220.22-M (E) standard and one time with random value DoD 5220.22-M (C).
DoD 7 (7-Pass) :
-- Wiping :
-- Verification : Read and verify entire surface with pseudo random pattern 2
-- NIST SP800-88 Rev1 Guideline for Media Sanitization
-- Certified erasure of all user data
* All addressable sectors
* All warehouse areas
-- DoD – 3 Pass (NIST Clear)
1. Read drive info – begin
2. Write all (AAh) * (1st write, 1010’s for only 3 pass)
3. Erase * (Only for 3 pass)
4. Write all (55h) * (2nd write, 0101’s for only 3 pass)
5. Write all (00h)
6. Sample verify
7. Read drive info – end
8. Generate certificate file
-- Provided in SRMS proprietary web app
-- HDD must be fully functional; no HDD repair will be performed
* May combine with NORS standard Test or Repair Packages
-- Does not support dual-drive HDDs (WD “Black2” HDDs)
-- Supports 3.5” form factor in native configuration. 2.5” HDDs require adaptor
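
The write and verify passes of the DoD 3-pass sequence listed above (AAh, 55h, 00h, sample verify, certificate record), as an added example that is not the vendor's tool or code from this page. It assumes a constructed image file stands in for the drive; the function names, the sampling parameters and the certificate fields are hypothetical, and step 3 (Erase) is left out because the page does not define it.

```python
import os
import random
import tempfile

PASSES = [0xAA, 0x55, 0x00]  # steps 2, 4 and 5; step 3 (Erase) is not modelled
CHUNK = 1 << 20              # write 1 MiB at a time

def overwrite_pass(fd, size, value):
    """Fill the whole target with one byte value, then flush to the medium."""
    os.lseek(fd, 0, os.SEEK_SET)
    block, remaining = bytes([value]) * CHUNK, size
    while remaining:
        remaining -= os.write(fd, block[:min(CHUNK, remaining)])
    os.fsync(fd)

def sample_verify(fd, size, value, samples=64, span=4096, seed=None):
    """Step 6: read random spans and confirm each holds only `value`."""
    rng = random.Random(seed)
    for _ in range(samples):
        off = rng.randrange(max(1, size - span + 1))
        os.lseek(fd, off, os.SEEK_SET)
        data = os.read(fd, min(span, size - off))
        if data.count(value) != len(data):
            return False
    return True

def three_pass_wipe(path, seed=None):
    """Run the passes on `path`; return the record for the certificate (step 8)."""
    fd = os.open(path, os.O_RDWR)
    try:
        size = os.lseek(fd, 0, os.SEEK_END)  # stands in for "read drive info"
        for value in PASSES:
            overwrite_pass(fd, size, value)
        verified = sample_verify(fd, size, PASSES[-1], seed=seed)
    finally:
        os.close(fd)
    return {"bytes": size, "passes": [f"{v:02X}h" for v in PASSES],
            "sample_verify": "pass" if verified else "fail"}

def demo():
    """Wipe a constructed image file (made-up data) standing in for a drive."""
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(b"CONSTRUCTED-RECORD-0001;" * 100_000)  # 2,400,000 bytes
    try:
        cert = three_pass_wipe(f.name, seed=1)
        with open(f.name, "rb") as img:
            return cert, img.read().strip(b"\x00")  # leftover non-zero bytes
    finally:
        os.unlink(f.name)
```

On a real drive the target is the raw block device; overwriting a file inside a filesystem does not guarantee that the underlying sectors are replaced.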