Versions Compared

Old Version 8

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user Lyons, Andrew H

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

1. Objective

The objective of this document is to establish procedures for the implementation of the University’s Media Disposal, Destruction, and Redeployment Protocol. Primarily, these procedures explain the process of preparing media for redeployment (reassignment), as well as offering additional resources and tools for erasing data.

2. General Principles

2.1. Reasonable steps must be taken to ensure that all Business Information is rendered unrecoverable prior to reuse or disposal of the media on which it is stored.

...

2.3. Transfer of equipment to the Office of Equipment Management for disposal, surplus or redeployment must include a certification that the media has been appropriately sanitized.

3. Procedures

The following media transfers are common at the University and each entails different sanitization methods. 

...

DOD 5220.22 Standard—Triple Overwrite of data with verification. Write all locations with a pattern; write with the compliment; write with a random pattern; verify.

3.1 Examples

Reconfiguration Only:  A computer or other media is reconfigured for the same individual or set of individuals; there is no change in access.

...

  • Risk: Media with data is leaving control of the University; media is accessible to laboratory attack. Last Updated May 16, 2011 
  • Minimum action: Unless vendor has a contractual agreement to maintain data security, media should be degaussed before returning to vendor. Note: Degaussing of hard disks will almost certainly render the standard warranty invalid unless a “retain your media” option has been purchased. 

4. Additional Resources

Resources for Media Sanitization

https://cmrr.ucsd.edu/_files/data-sanitization-tutorial.pdf

http://ata.wiki.kernel.org/index.php/ATA_Secure_Erase

Hard Disks: Windows

UCSD ATA Secure Erase Utility, https://cmrr.ucsd.edu/resources/secure-erase.html. Be sure that the proper ATA protocol has been implemented by the manufacturer.

...

WipeDrive, http://www.whitecanyon.com/wipedrive-erase-hard-drive.php

Hard Disks: Apple OSX

https://support.apple.com/en-us/HT2281

...

https://support.apple.com/kb/TA26834?locale=en_US

Unix

www.giac.org/practical/gsec/Ken_Hatfield_GSEC.pdfLinux

Solaris

http://www.sun.com/software/solaris/trustedsolaris/ts_tech_faq/purge.xml 

Cell Phones

http://smallbusiness.chron.com/wipe-data-cache-android-31671.html

http://support.apple.com/kb/HT2110

PalmOS

https://help.act.com/hc/en-us/articles/360024407793; Describes all sorts of Resets.

Blackberry Devices

http://www.blackberry.com; Knowledgebase article kb-02318, “How to delete all data, or all data and applications on the BlackBerry device.”

  1. Enter kb-02318 in the search engine on the top right.
  2. Open the document. Select BlackBerry Technical Solution Center in the top left.
  3. In the search engine under BlackBerry Technical Solution enter kb02318;
  4. Select the article “How to delete all data or all data and applications on the BlackBerry Smartphone”.
  5. Select the Wipe Handheld option and follow the instructions.

Flash media (thumb drives, memory cards and other solid state drives)

Due to the manner in which data is written to solid state drives (SSD), a process that makes extensive use of randomization, tools that are effective in erasing fixed media will meet with varying degrees of success when used on SSDs. Given that, an SSD would require a highly sophisticated “laboratory attack” to recover lost data. All but the most sensitive data can be considered effectively erased using fixed media overwrite tools. To absolutely guarantee nonrecovery, the drive should be physically destroyed.

CD, DVD, floppy disks

Cross-cut shredding, or other means of physical destruction. AIX, SGI, SANS, NAS and tape drives Use tools recommended by the manufacturer.

Published Materials

R. Kissel, M Scholl, S Skolochenko and L Xing. Guidelines for Media Sanitization: Recommendations of the National Institutes of Standards and Technology. NIST Special Publication 800-88. DOD 5220.22 Standard: Automated Information System Security. Chapter 8, especially the Clearing and Sanitization Matrix.

...

Last Updated May 16September 23, 20112019