Data Sanitization Methods in Data Destruction Programs

Data sanitization is the process of rendering the data on a storage device unrecoverable. In data destruction programs this is done either by overwriting every addressable location with one or more patterns (usually followed by a read-back verification) or by invoking the drive's own erase command. The programs offer a menu of named sanitization methods, each with its own pass sequence and its own pedigree. In this article we look at the popular ones, the organizations that defined them, and how effective each really is.

Secure Erase:

Secure Erase is a command set implemented in the firmware of PATA and SATA drives (SSDs included). It is considered the most effective software-reachable method because the drive that wrote the data performs the erase itself, so it can reach storage that a host-side overwrite cannot: sectors the drive has silently remapped as bad and, on SSDs, the over-provisioned flash that wear levelling hides behind the logical block range. The National Institute of Standards and Technology (NIST SP 800-88) recommends that software-based sanitization of ATA drives use the drive's Secure Erase commands rather than host overwrites. On Linux the commands are issued with hdparm: `hdparm -I /dev/sdX` lists the Security section, which shows whether (enhanced) erase is supported and whether the drive is "frozen"; a frozen drive must be unfrozen (typically by suspending and resuming the machine) before `--security-set-pass` and `--security-erase` will be accepted. Check that support before relying on the method, and check afterwards that the drive actually reads back as erased.

DoD 5220.22-M:

The DoD 5220.22-M sanitization method comes from the clearing and sanitization matrix in the 1995 edition of the National Industrial Security Program Operating Manual (NISPOM). As commonly implemented it is three passes: one pass of zeros, one pass of ones, and one pass of a random character, followed by a verification read. The matrix was removed from later NISPOM editions, and the DoD and several other US government agencies now defer to NIST SP 800-88, so the method is no longer an accepted sanitization standard for them; it survives mainly as a familiar checkbox in data destruction software.

NCSC-TG-025:

The NCSC-TG-025 sanitization method was defined in the Forest Green Book (A Guide to Understanding Data Remanence in Automated Information Systems) published by the National Computer Security Center. Its pass sequence matches DoD 5220.22-M: zeros, ones, and random characters. The NSA no longer recognizes it as a data sanitization standard.

AFSSI-5020:

The AFSSI-5020 sanitization method was defined by the United States Air Force. It involves three passes of overwriting: one pass with zeros, one pass with ones, and one pass with random characters.

AR 380-19:

The AR 380-19 sanitization method was defined in Army Regulation 380-19. It involves three passes of overwriting: one pass with a random character, one pass with a specified character (e.g., zero), and one pass with the complement of the specified character (e.g., one if zero was used).

NAVSO P-5239-26:

The NAVSO P-5239-26 sanitization method was defined in Navy Staff Office Publication 5239 Module 26. It involves three passes of overwriting: one pass with a specified character (e.g., one), one pass with the complement of the specified character (e.g., zero), and one pass with random characters.

RCMP TSSIT OPS-II:

The RCMP TSSIT OPS-II sanitization method was defined in the Technical Security Standards for Information Technology document published by the Royal Canadian Mounted Police (RCMP). It involves seven passes of overwriting: three alternating pairs of zeros and ones (zero, one, zero, one, zero, one), followed by a final pass with random characters and a verification read.

CSEC ITSG-06:

The CSEC ITSG-06 sanitization method was defined in IT Security Guidance 06 published by the Communications Security Establishment Canada (CSEC). It involves three passes of overwriting: one pass with a one or a zero, one pass with the complement of that character, and one pass with random characters.

HMG IS5:

The HMG IS5 sanitization method was defined in the HMG IA/IS 5 Secure Sanitisation of Protectively Marked Information or Sensitive Information document. It has two versions: HMG IS5 Baseline, which is a single pass of zeros followed by a verification read, and HMG IS5 Enhanced, which overwrites with zeros, then ones, then random characters, followed by a verification read.

GOST R 50739-95:

GOST R 50739-95 is a Russian standard on protecting information from unauthorized access. Data destruction programs implement its overwrite requirement differently, but it usually appears as either a single pass of zeros or a single pass of random characters.

Gutmann:

The Gutmann method, developed by Peter Gutmann in 1996, involves 35 passes of overwriting. Only the first four and last four passes are random; the 27 passes in between write fixed bit patterns chosen to flip the magnetic domains of the MFM and RLL encoding schemes used by drives of that era. On modern drives those patterns are meaningless, and Gutmann himself has said the full 35-pass run is unnecessary; a few passes of random data give the same result, so the method is considered excessive for effective data sanitization today.

Schneier:

The Schneier method, described by Bruce Schneier in Applied Cryptography, involves seven passes of overwriting: one pass with ones, one pass with zeros, and five passes with random characters.

Pfitzner:

The Pfitzner method, developed by Roy Pfitzner, involves multiple passes of overwriting with random characters: 33 passes in its full form, although many programs also offer a seven-pass variant.

Random Data:

The Random Data method involves overwriting with random characters. The number of passes can be customized based on the user’s preference.

Write Zero:

The Write Zero method, also known as Single Overwrite, involves a single pass of overwriting with zeros. A single fixed-pattern pass of this kind is what NIST SP 800-88 accepts as "Clear" for magnetic hard drives, provided the write is verified.
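Every overwrite-based method above is the same routine driven by a different pass list: write a fixed byte, its complement, or random data over every addressable location, then read the result back and confirm it. The following is an added example of that routine, not code from any of the standards named here or from any data destruction product; the METHODS table reflects the pass sequences the article describes, while the function names, the SHA-256 read-back check and the per-pass report are this example's own choices.

```python
"""Multi-pass overwrite with read-back verification (added example)."""
import hashlib
import os
import secrets

CHUNK = 1 << 20  # write and verify in 1 MiB blocks so large files stream

# Pass recipes for several methods described in the article. Each step is a
# fixed byte value, "random", or "complement" (bitwise NOT of the previous
# fixed byte). These mappings are this example's reading of the article.
METHODS = {
    "Write Zero":        [0x00],
    "DoD 5220.22-M":     [0x00, 0xFF, "random"],
    "AR 380-19":         ["random", 0x00, "complement"],
    "NAVSO P-5239-26":   [0xFF, "complement", "random"],
    "RCMP TSSIT OPS-II": [0x00, 0xFF, 0x00, 0xFF, 0x00, 0xFF, "random"],
    "Schneier":          [0xFF, 0x00] + ["random"] * 5,
}


def resolve_passes(recipe):
    """Expand a recipe into concrete passes: an int byte value, or None for random."""
    passes, prev = [], None
    for step in recipe:
        if step == "random":
            byte = None
        elif step == "complement":
            if prev is None:
                raise ValueError("complement must follow a fixed-byte pass")
            byte = prev ^ 0xFF
        else:
            byte = int(step) & 0xFF
        passes.append(byte)
        prev = byte
    return passes


def _blocks(byte, size):
    """Yield `size` bytes of pattern: the fixed byte repeated, or fresh CSPRNG output."""
    remaining = size
    while remaining:
        n = min(CHUNK, remaining)
        yield bytes([byte]) * n if byte is not None else secrets.token_bytes(n)
        remaining -= n


def overwrite_pass(fh, size, byte):
    """Overwrite the first `size` bytes of fh; return SHA-256 of what was written."""
    digest = hashlib.sha256()
    fh.seek(0)
    for block in _blocks(byte, size):
        fh.write(block)
        digest.update(block)
    fh.flush()
    os.fsync(fh.fileno())  # push the pass through the OS cache before reading back
    return digest.hexdigest()


def readback_digest(fh, size):
    """Re-read the first `size` bytes and hash them for comparison with the write."""
    digest = hashlib.sha256()
    fh.seek(0)
    remaining = size
    while remaining:
        block = fh.read(min(CHUNK, remaining))
        if not block:
            raise IOError("short read during verification")
        digest.update(block)
        remaining -= len(block)
    return digest.hexdigest()


def sanitize_file(path, method, verify_every_pass=False):
    """Run `method` over the file at `path` in place.

    Returns a list of (pass_number, pattern, verified) tuples. The final pass is
    always verified, as most of the standards require; set verify_every_pass to
    check each one. Raises RuntimeError if a read-back does not match the write.
    """
    passes = resolve_passes(METHODS[method])
    size = os.path.getsize(path)
    report = []
    with open(path, "r+b") as fh:
        for number, byte in enumerate(passes, start=1):
            written = overwrite_pass(fh, size, byte)
            verified = None
            if verify_every_pass or number == len(passes):
                verified = readback_digest(fh, size) == written
                if not verified:
                    raise RuntimeError(f"{method}: pass {number} failed verification")
            report.append((number, "random" if byte is None else f"0x{byte:02X}", verified))
    return report
```

Hashing the written stream and comparing it with a hash of the read-back stream lets random passes be verified without keeping the random data around. Two caveats apply to anything built this way. First, on a regular file it exercises the filesystem, not the medium: copy-on-write or journaling filesystems may write the new blocks elsewhere and leave the old ones intact, and the read-back may be served from the page cache; point it at a raw block device for a real erase. Second, on an SSD the controller's wear levelling means an overwritten logical block need not map to the flash cells that held the data, so this kind of overwrite is not a sanitization method for flash at all; use the drive's Secure Erase or sanitize command instead.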

In conclusion

Many data sanitization methods are available, each with its own pass sequence. For modern magnetic hard drives, a single verified overwrite with zeros or random characters is sufficient to prevent data recovery; the multi-pass methods exist for compliance with a particular regulation or to demonstrate a higher level of diligence, not because extra passes are needed. Three caveats matter more than the pass count. Overwriting from the host cannot reach sectors the drive has remapped, or a Host Protected Area or Device Configuration Overlay unless those are removed first. On SSDs, overwriting is not a reliable sanitization method at all because of wear levelling, and the drive's Secure Erase or sanitize command (or cryptographic erase) should be used instead. And whichever method is chosen, verify the result by reading the media back rather than trusting that the passes completed. Choose a method that aligns with your organization's requirements and the guidance in NIST SP 800-88, and document what was run and how it was verified.
