Secure data erasure: Difference between revisions

From wiki.comcert.com
Jump to navigation Jump to search
No edit summary
No edit summary
Line 94: Line 94:
(*) Standard including a firmware based erasure step
(*) Standard including a firmware based erasure step


(**) When a Cryptographic Erasure command is given, the drive self-generates a new media encryption key and goes into a 'new drive' state. Without the old key, the old data becomes irretrievable.
(**) When a Cryptographic Erasure command is given, the drive self-generates a new media encryption key and goes into a 'new drive' state. Without the old key, the old data becomes irretrievable

Revision as of 09:38, 21 March 2018

Introduction

Certified data erasure

After conclusion of a troubleshooting mission, it is COMCERT's policy to completely remove all data from the tool's HDD and SDD by reimaging the server.

We also offer a paid option to erase the data using a certified data erasure software for HDD and SDD.  Wiping a server using these standards can take from a couple of hours to more than a week.

 

Solution

 

 

Supported erasure standards

Erasure standard Overwriting rounds
Air Force System Security Instruction 5020 4
Aperiodic random overwrite 1
Blancco SSD Erasure 2+ *
Bruce Schneier's Algorithm 7
BSI-GS 1-2 *
BSI-GSE 2-3 *
CESG CPA – Higher Level 3
Cryptographic Erasure 0 **
DoD 5220.22-M 3
DoD 5220.22-M ECE 7
NIST 800-88 Clear 0-1 *
NIST 800-88 Purge 0 *
Firmware Based Erasure 0 *
Extended Firmware Based Erasure 1 *
HMG Infosec Standard 5, Higher Standard 3
HMG Infosec Standard 5, Lower Standard 1
National Computer Security Center (NCSC-TG-025) 4
Navy Staff Office Publication (NAVSO P-5239-26) 3
NSA 130-1 3
OPNAVINST 5239.1A 3
Peter Gutmann's Algorithm 35
U.S. Army AR380-19 3

(*) Standard including a firmware based erasure step

(**) When a Cryptographic Erasure command is given, the drive self-generates a new media encryption key and goes into a 'new drive' state. Without the old key, the old data becomes irretrievable