Secure data erasure: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
| Line 4: | Line 4: | ||
=== Certified data erasure === | === Certified data erasure === | ||
After conclusion of a troubleshooting mission, it is COMCERT's policy to completely remove all data | After conclusion of a troubleshooting mission, it is COMCERT's policy to completely remove all data from the tool's HDD and SDD by reimaging the server. | ||
We also offer | We also offer a paid option to erase the data using a certified data ersure software for HDD and SDD. Wiping a server using these standards can take from a couple of hours to more than a week. | ||
| | ||
Revision as of 09:31, 21 March 2018
Introduction
Certified data erasure
After conclusion of a troubleshooting mission, it is COMCERT's policy to completely remove all data from the tool's HDD and SDD by reimaging the server.
We also offer a paid option to erase the data using a certified data ersure software for HDD and SDD. Wiping a server using these standards can take from a couple of hours to more than a week.
Solution
Supported erasure standards
| Erasure standard | Overwriting rounds |
|---|---|
| Air Force System Security Instruction 5020 | 4 |
| Aperiodic random overwrite | 1 |
| Blancco SSD Erasure | 2+ * |
| Bruce Schneier's Algorithm | 7 |
| BSI-GS | 1-2 * |
| BSI-GSE | 2-3 * |
| CESG CPA – Higher Level | 3 |
| Cryptographic Erasure | 0 ** |
| DoD 5220.22-M | 3 |
| DoD 5220.22-M ECE | 7 |
| NIST 800-88 Clear | 0-1 * |
| NIST 800-88 Purge | 0 * |
| Firmware Based Erasure | 0 * |
| Extended Firmware Based Erasure | 1 * |
| HMG Infosec Standard 5, Higher Standard | 3 |
| HMG Infosec Standard 5, Lower Standard | 1 |
| National Computer Security Center (NCSC-TG-025) | 4 |
| Navy Staff Office Publication (NAVSO P-5239-26) | 3 |
| NSA 130-1 | 3 |
| OPNAVINST 5239.1A | 3 |
| Peter Gutmann's Algorithm | 35 |
| U.S. Army AR380-19 | 3 |
(*) Standard including a firmware based erasure step
(**) When a Cryptographic Erasure command is given, the drive self-generates a new media encryption key and goes into a 'new drive' state. Without the old key, the old data becomes irretrievable.