Handling the tail end of the IT life cycle
Hints from NIST
- By William Jackson
- Apr 27, 2007
The National Institute of Standards and Technology has some advice for agencies getting rid of digital storage media: Shred. Disintegrate. Pulverize. Incinerate. Melt.
These are ways to get rid of disks, tapes and other devices for which the ultimate sanction ' disposal with extreme prejudice ' has been decreed.
NIST Special Publication 800-88, 'Guidelines for Media Sanitization,' lays out the accepted methods for ensuring that sensitive data is not compromised when information technology systems are retired or otherwise eliminated. Getting rid of electronic data can be difficult, and the amount of effort you should expend to do it depends on the type of information and what you plan to do with the computer, disk or hard drive when you are finished with it.
Destroying disks, hard drives and other hardware is the most effective way to protect data, but NIST warns federal law requires that 'whenever possible, excess equipment and media should be made available to schools and nonprofit organizations.' So some risk assessment is required.
NIST defines four levels of sanitization:
- Disposal. The simplest methods, it involves just throwing the media away. It is obviously for the least-sensitive data.
- Clearing. This makes data unretrievable by 'a robust keyboard attack,' which includes the use of recovery utilities. Overwriting is an acceptable means of clearing for undamaged media.
- Purging. A higher level that resists data recovery by sophisticated laboratory attacks. Degaussing is effective for purging, but it cannot be used on nonmagnetic storage, such as CDs and DVDs. The firmware Secure Erase capability in Advanced Technology Attachment hard drives is an overwriting technique that satisfies both Clear and Purge requirements.
- Destroying. What NIST calls the 'ultimate form of sanitization.' Paper and flexible media such as tapes and floppy disks can be shredded. But incineration, pulverization, disintegration or melting are required for more robust hardware. This often must be done at a specialized outside facility that can perform the work effectively and safely.
The first step in selecting the appropriate level and method of sanitization is to categorize the sensitivity of the data using FIPS 199, 'Standards for Security Categorization of Federal Information and Information Systems.' NIST lays out the decision-making process for each category in SP 800-88.
Generally, media with low-sensitivity data can be simply cleared if the agency is going to retain the device but should be purged if the device is leaving the agency's control. For moderate and highly sensitive data, media should be destroyed if it is not being reused.
Media with highly sensitive data can be purged if the agency is retaining the device. If the data is only moderately sensitive the device can be cleared if it will be retained, but must be purged if it is leaving the agency's control.
William Jackson is freelance writer and the author of the CyberEye blog.