What's required to overwrite classified data
NISP sets the standards
Getting rid of data on a drive or disk can be difficult, because the hardware is designed to protect and maintain data for as long as possible.
You can erase or reformat a drive, but the data remains accessible to someone with a little forensics know-how and software. Destroying and degaussing a disk are effective, but they also render the hardware unusable. Erasure, which overwrites bits with new bits, can allow people to reuse a drive, although the Defense Department looks on it primarily as an added layer of protection in preparing a drive for destruction when the hardware carries classified data.
ALSO IN THIS REPORT:
Reusing hardware: Erase data but leave an audit trail
The National Industrial Security Program manages the requirements for private-sector contractors that have access to classified information. The NISP Operating Manual, DOD 5220.22-M, outlines requirements for getting rid of classified digital data. The manual recognizes two levels: clearing and sanitizing.
Blancco, which produces a tool that Santa Barbara County, Calif., and other federal and local agencies use, has begun the National Information Assurance Partnership's Common Criteria evaluation process. However, no overwriting product or process so far has completed evaluation for sanitizing. NISP uses National Security Agency guidance on overwriting in preparation for disposal or recycling, but it does not authorize use of overwriting for sanitization or downgrading — that is, release of hardware that processed classified information for use at a lower classification level.
Blancco said a German lab has certified its equipment as meeting DOD 5220.22-M requirements for overwriting data three or seven times with a predefined bit pattern.
William Jackson is a senior writer of GCN and the author of the CyberEye blog.