Secure data erasure: Difference between revisions
Jump to navigation
Jump to search
(Created page with " == Introduction == === Certified data erasure === After conclusion of a troubleshooting mission, it is COMCERT's policy to completely remove all data collected during the m...") |
No edit summary |
||
| (10 intermediate revisions by the same user not shown) | |||
| Line 2: | Line 2: | ||
== Introduction == | == Introduction == | ||
After conclusion of a troubleshooting mission, it is COMCERT's policy to completely remove all data from the tool's HDD and SDD by reimaging the server. | |||
We also offer optional data erasure with certified data erasure software. | |||
Please note that wiping a server can take from a couple of hours to more than a week and may include an extension of the rental period. | |||
| | ||
| Line 12: | Line 12: | ||
== Solution == | == Solution == | ||
=== Supported erasure standards === | | ||
{{#invoke:Message box|ambox |type=content|text=Wiping a server in accordance to these standards can take from a couple of hours to more than a week.}} | |||
| |||
=== Supported erasure standards: === | |||
{| border="1" cellpadding="1" cellspacing="1" style="width: 1200px;" | {| border="1" cellpadding="1" cellspacing="1" style="width: 1200px;" | ||
| Line 19: | Line 25: | ||
! scope="col" | Overwriting rounds | ! scope="col" | Overwriting rounds | ||
|- | |- | ||
| | | Air Force System Security Instruction 5020 | ||
| | | 4 | ||
|- | |- | ||
| | | Aperiodic random overwrite | ||
| | | 1 | ||
|- | |- | ||
| | | | ||
| | | | ||
|- | |- | ||
| | | Bruce Schneier's Algorithm | ||
| | | 7 | ||
|- | |- | ||
| | | BSI-GS | ||
| | | 1-2 * | ||
|- | |- | ||
| | | BSI-GSE | ||
| | | 2-3 * | ||
|- | |- | ||
| | | CESG CPA – Higher Level | ||
| | | 3 | ||
|- | |- | ||
| | | Cryptographic Erasure | ||
| | | 0 ** | ||
|- | |- | ||
| | | DoD 5220.22-M | ||
| | | 3 | ||
|- | |- | ||
| | | DoD 5220.22-M ECE | ||
| | | 7 | ||
|- | |- | ||
| | | NIST 800-88 Clear | ||
| | | 0-1 * | ||
|- | |- | ||
| | | NIST 800-88 Purge | ||
| | | 0 * | ||
|- | |- | ||
| | | Firmware Based Erasure | ||
| | | 0 * | ||
|- | |- | ||
| | | Extended Firmware Based Erasure | ||
| | | 1 * | ||
|- | |- | ||
| | | HMG Infosec Standard 5, Higher Standard | ||
| | | 3 | ||
|- | |- | ||
| | | HMG Infosec Standard 5, Lower Standard | ||
| | | 1 | ||
|- | |- | ||
| | | National Computer Security Center (NCSC-TG-025) | ||
| | | 4 | ||
|- | |- | ||
| | | Navy Staff Office Publication (NAVSO P-5239-26) | ||
| | | 3 | ||
|- | |- | ||
| | | NSA 130-1 | ||
| | | 3 | ||
|- | |- | ||
| | | OPNAVINST 5239.1A | ||
| | | 3 | ||
|- | |- | ||
| | | Peter Gutmann's Algorithm | ||
| | | 35 | ||
|- | |- | ||
| | | U.S. Army AR380-19 | ||
| | | 3 | ||
|} | |} | ||
(*) Standard including a firmware based erasure step | |||
(**) With Cryptographic Erasure, the drive self-generates a new media encryption key and goes into a 'new drive' state. Without the old key, the old data becomes irretrievable | |||
Latest revision as of 09:25, 13 February 2021
Introduction
After conclusion of a troubleshooting mission, it is COMCERT's policy to completely remove all data from the tool's HDD and SDD by reimaging the server.
We also offer optional data erasure with certified data erasure software.
Please note that wiping a server can take from a couple of hours to more than a week and may include an extension of the rental period.
Solution
 | Wiping a server in accordance to these standards can take from a couple of hours to more than a week. |
Supported erasure standards:
| Erasure standard | Overwriting rounds |
|---|---|
| Air Force System Security Instruction 5020 | 4 |
| Aperiodic random overwrite | 1 |
| Bruce Schneier's Algorithm | 7 |
| BSI-GS | 1-2 * |
| BSI-GSE | 2-3 * |
| CESG CPA – Higher Level | 3 |
| Cryptographic Erasure | 0 ** |
| DoD 5220.22-M | 3 |
| DoD 5220.22-M ECE | 7 |
| NIST 800-88 Clear | 0-1 * |
| NIST 800-88 Purge | 0 * |
| Firmware Based Erasure | 0 * |
| Extended Firmware Based Erasure | 1 * |
| HMG Infosec Standard 5, Higher Standard | 3 |
| HMG Infosec Standard 5, Lower Standard | 1 |
| National Computer Security Center (NCSC-TG-025) | 4 |
| Navy Staff Office Publication (NAVSO P-5239-26) | 3 |
| NSA 130-1 | 3 |
| OPNAVINST 5239.1A | 3 |
| Peter Gutmann's Algorithm | 35 |
| U.S. Army AR380-19 | 3 |
(*) Standard including a firmware based erasure step
(**) With Cryptographic Erasure, the drive self-generates a new media encryption key and goes into a 'new drive' state. Without the old key, the old data becomes irretrievable