Data Sanitization Policy
The Department of Defense is no longer the Cognizant Security Authority (CSA) for the US Government. This responsibility has been taken over by the National Institute of Standards and Technology (NIST). NIST developed a guide in furtherance of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347. PCs for People's data sanitization policy was adopted in part from this guide, Publication 800-88, NIST's Media Sanitization Guide. We provide four forms of data sanitization: Format, Clear, Purge and Destruction. See the table below for more information.
| Method | Description |
| --- | --- |
| Format | Information removed by a simple format or deletion can easily be recovered using a file recovery utility. This method will only be used if a donor specifies there is no sensitive data (business, medical, or personal financial information) on a donated hard drive, or if the hard drive has already been cleared, purged or destroyed and validated by the donor. This method is required to reinstall an operating system, so it will be completed even if the hard drive is cleared or purged. In order to use any cleared or purged HDDs we: |
| Clearing | Clearing information is a level of media sanitization that protects the confidentiality of information against a robust keyboard attack and is accomplished by using Darik's Boot and Nuke (DBAN). Clearing is used when simple deletion or format of items would not suffice for data sanitization. Clearing prevents retrieval of information by data, disk, or file recovery utilities. It is resistant to keystroke recovery attempts executed from standard input devices and from data scavenging tools. This process includes overwriting not only the logical storage location of a file(s) (e.g., file allocation table) but also all addressable locations. The security goal of the overwriting process is to replace written data with random data. Overwriting cannot be used for media that is damaged or not rewriteable. |
| Purging | *Recommended when possible. Purging information is a media sanitization process that protects the confidentiality of information against a laboratory attack. A laboratory attack would involve a threat with the resources and knowledge to use nonstandard systems to conduct data recovery attempts on media outside their normal operating environment. This type of attack involves using signal processing equipment to read slight differences in the magnetization on the disk, which are then analyzed by sophisticated software and specially trained personnel to reconstruct data. Purging can be achieved by executing the Federally-approved (NIST 800-88) Secure Erase command in the ATA ANSI standard, which is implemented in all recent (2001 and newer) ATA drives greater than 15-20 GB. |
| Destruction | Destruction of media is the ultimate form of sanitization. If destruction is decided upon due to the high security categorization of the information, a small fee may be assessed to help offset the cost required to replace the hard drive. This will be determined on a case-by-case basis and depend on the size of the donation. Physical destruction can be accomplished using a variety of methods, including disintegration, incineration, pulverizing, shredding, and melting. When material is disintegrated or shredded, all residues are reduced to nominal edge dimensions of five millimeters (5 mm) and surface area of twenty-five square millimeters (25 mm²). |








