Thursday, September 27, 2012

NIST Drafting Guide on Media Sanitization

Evolving Storage Environment Creates Need for Revised Guidance

The National Institute of Standards and Technology is revising guidance aimed to help organizations sanitize data based on the confidentiality of stored information. Draft NIST Special Publication 800-88 Revision 1: Guidelines for Media Sanitization discusses methods, techniques and best practices for the sanitization of data on different types of media, employing risk-based approaches to establish and maintain a media sanitization program.

The revised guidance doesn't specifically address all known types of media, but it does describe a sanitization decision process that can be applied universally. NIST is seeking public comment on the draft guidance to consider before issuing a final report.

Comments should be submitted to by Nov. 30.

Simply, sanitization makes accessing data on media unfeasible. The proposed guidance identifies three sanitization models:

Clear: Applies logical techniques to sanitize data in all user-addressable storage locations for protection against simple non-invasive data recovery techniques. It's typically applied through the standard read and write commands to the storage device, such as by rewriting with a new value or using a menu option to reset the device to the factory state, where rewriting is not supported.

Purge: Prescribes physical or logical techniques that render target data recovery infeasible using state-of-the-art laboratory techniques.

Destroy: Renders target data recovery infeasible using state-of-the-art laboratory techniques and results in the subsequent inability to use the media for storage of data.

No comments: