Dec 14, 2019
National Institute of Science and Technology (NIST), which provides technical leadership for the United States' measurement and standards infrastructure, defines media sanitization as:
"The general process of removing data from storage media, such that there is reasonable assurance that data may not be easily retrieved and reconstructed."
During the transfer or disposal of storage media, it is imperative that deleted data (whether residual magnetic, optical, electrical, or any other form) is not recoverable. Sanitization of storage media refers to a process of removing data with the assurance that the data cannot be retrieved or reconstructed. This maintains data privacy standards and supports the smooth exercise of privacy controls. There must be defined means and mechanisms to prevent leakage of sensitive information across the IT-asset lifecycle.
What is the Need for Media Sanitization?
As per NIST 800-88 guidelines, media sanitization is the key element in maintaining data confidentiality. Organizations need to exercise proper control over 'confidential information' to avoid data leakage caused by improper disposal of storage media or by reconstruction of data from ineffectively sanitized or refurbished media. This ensures that Personally Identifiable Information (PII) is protected (reference: 2.3 of the NIST guidelines). Organizations are required to follow the data protection laws, regulations, and mandates governing the management of PII. Violations of these laws can result in civil or criminal proceedings. Organizations may also have obligations to protect PII under their own policies, standards, or management directives.
What is the Scope of Media Sanitization?
NIST 800-88 guidelines for media sanitization and data protection state that the sanitization operation is to be performed on the complete data stored on the media, as it may be difficult for the media sanitizer to single out the sensitive data. Partial data sanitization is also risky and is not approved under the NIST 800-88 guidelines. For example, for flash media (SSDs, memory cards, and USBs), it is recommended to overwrite the data with agency-approved and certified data erasure techniques, methods, and tools. Alternatively, incinerate, shred, pulverize, or disintegrate the flash drives, though these are not favorable means of data destruction because of concerns such as environmental impact and secure media destruction. As per NIST 800-88 guidelines, solid-state drives (SSDs) cannot be purged by degaussing, as they do not store data magnetically. Once the means of sanitization and the type of media have been decided, the question arises as to who should be the decision-maker: who will determine what, when, and how the data is to be sanitized?
Who is Responsible For Secure Data Disposal?
NIST 800-88 data security standard helps categorize and assign media sanitization roles and responsibilities as per the following:
In the decision process of media sanitization, the confidentiality of the information plays the key role and the type of media a secondary one. Decision-makers choose the kind of sanitization based on the requirements of individual cases. The decision is made for the safe disposal of leased or end-of-lifecycle IT assets, to guard against data breaches and meet legal compliance requirements. Physical destruction methods are ruled out as these are not environment-friendly; instead, media sanitization through ITADs is preferred by decision-makers. ITADs provide safe, certified, and cost-effective data erasure using international standards of erasure.
Control & Reuse of Media
NIST 800-88 guidelines for media sanitization define that an IT asset should be disposed of via a process flow with appropriate roles and responsibilities, and that the organization must maintain different levels of security based upon the data confidentiality level. Along with the risk-based decision of sanitizing media, the organization should also consider the following –
Media Sanitization Techniques & Methods
Commonly used media sanitization techniques are data erasure, degaussing, shredding, factory resets, data deletion, reformatting, and physical destruction.
Media Sanitization Methods as per NIST 800-88 Guidelines:

| Media Type | Clear | Purge | Destroy |
|---|---|---|---|
| Floppy Disks, Disk Drives | Overwrite using agency-approved software | Degauss in an NSA/CSS-approved degausser | Incinerate, Shred |
| ATA Hard Drives, SCSI Drives | Overwrite using agency-approved software | Secure Erase, Degauss, or Disassemble and degauss the enclosed platters | Incinerate, Shred, Pulverize, Disintegrate |
| Optical disks | | | Destroy in the following order: (1) remove information using optical disc grinding device; (2) incinerate using a licensed facility; (3) use optical disk media shredder |
| Flash Media – USBs, Memory Cards, SSDs | Overwrite using agency-approved software | Secure data erasure | Incinerate, Shred, Pulverize, Disintegrate |
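The "Overwrite" entries above, combined with the requirement that the complete media be sanitized, amount to a full-range overwrite followed by a full read-back check. The Python sketch below is an added example, not code from NIST 800-88 or any erasure product: it compares a partial wipe with a complete one and reports which blocks still hold data. The image file standing in for a device, the zero pattern, the function names and the sample record are all assumptions constructed for illustration.

```python
import os
import tempfile

BLOCK = 4096                                  # read/write granularity for this sketch
RECORD = b"name=Jane Doe;id=0000000"          # constructed sample PII, not real data

def make_sample_image(blocks=8):
    """Constructed 'media': filler blocks, with the sample record in blocks 1 and 6."""
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        for i in range(blocks):
            data = bytearray(b"\xaa" * BLOCK)
            if i in (1, 6):
                data[:len(RECORD)] = RECORD
            f.write(data)
    return path

def overwrite(path, start=0, length=None, pattern=b"\x00"):
    """Write a one-byte pattern over [start, start+length); default is the whole media."""
    size = os.path.getsize(path)
    end = size if length is None else min(size, start + length)
    with open(path, "r+b") as f:
        f.seek(start)
        for pos in range(start, end, BLOCK):
            f.write(pattern * min(BLOCK, end - pos))
        f.flush()
        os.fsync(f.fileno())                  # push the writes to the backing store

def verify(path, pattern=b"\x00"):
    """Read back every byte and list offsets of blocks that still hold other data."""
    residual, offset = [], 0
    with open(path, "rb") as f:
        while chunk := f.read(BLOCK):
            if chunk != pattern * len(chunk):
                residual.append(offset)
            offset += len(chunk)
    return {"media_bytes": os.path.getsize(path), "bytes_verified": offset,
            "residual_blocks": residual, "passed": not residual}

def demo():
    path = make_sample_image()
    try:
        overwrite(path, start=1 * BLOCK, length=BLOCK)   # partial: only the "known" PII block
        partial = verify(path)
        overwrite(path)                                  # complete: every byte of the media
        return partial, verify(path)
    finally:
        os.remove(path)

if __name__ == "__main__":
    for label, report in zip(("partial", "complete"), demo()):
        print(label, report)
```

The partial run fails verification because the second copy of the record in block 6 was never touched, which is the risk the guidelines describe for selective sanitization.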
NIST 800-88 guidelines define the processes that guide organizations to keep adequate control over the information they possess and to safeguard it through proper disposal of used and retired media. Though various techniques are employed to sanitize media, two factors should be considered foremost: data confidentiality and environmental issues. Data sanitization techniques based on asset destruction are costly, generate massive e-waste, and are not suitable for all types of storage media. By contrast, data erasure software guarantees media sanitization across all IT assets, including HDDs, SSDs, servers, and more, and also retains the hardware for refurbished use. Software such as BitRaser is NIST 800-88 compliant and generates a certificate for secure and responsible data erasure. It provides an environment-friendly means of media sanitization, with tamper-proof audit trails for data privacy.
|US Department of Defense, DoD 5220.22-M (3 passes)|
|US Department of Defense, DoD 5200.22-M (ECE) (7 passes)|
|US Department of Defense, DoD 5200.28-STD (7 passes)|
|Russian Standard – GOST-R-50739-95 (2 passes)|
|B.Schneier’s algorithm (7 passes)|
|German Standard VSITR (7 passes)|
|Peter Gutmann (35 passes)|
|US Army AR 380-19 (3 passes)|
|North Atlantic Treaty Organization-NATO Standard (7 passes)|
|US Air Force AFSSI 5020 (3 passes)|
|Pfitzner algorithm (33 passes)|
|Canadian RCMP TSSIT OPS-II (4 passes)|
|British HMG IS5 (3 passes)|
|Pseudo-random & Zeroes (2 passes)|
|Random Random Zero (6 passes)|
|British HMG IS5 Baseline standard|
|NAVSO P-5239-26 (3 passes)|
|NCSG-TG-025 (3 passes)|
|5 Customized Algorithms & more|