Secure data erasure: Difference between revisions

From wiki.comcert.com
Jump to navigation Jump to search
No edit summary
No edit summary
Line 4: Line 4:
=== Certified data erasure ===
=== Certified data erasure ===


After conclusion of a troubleshooting mission, it is COMCERT's policy to completely remove all data collected during the mission from the tools HDD and/or SDD. 
After conclusion of a troubleshooting mission, it is COMCERT's policy to completely remove all data from the tool's HDD and SDD by reimaging the server.


We also offer the paid option to erase the data using a certified data ersure software for HDD and SDD.  Wiping a server using these standards can take from a couple of hours to more than a week.
We also offer a paid option to erase the data using a certified data ersure software for HDD and SDD.  Wiping a server using these standards can take from a couple of hours to more than a week.


 
 

Revision as of 09:31, 21 March 2018

Introduction

Certified data erasure

After conclusion of a troubleshooting mission, it is COMCERT's policy to completely remove all data from the tool's HDD and SDD by reimaging the server.

We also offer a paid option to erase the data using a certified data ersure software for HDD and SDD.  Wiping a server using these standards can take from a couple of hours to more than a week.

 

Solution

Supported erasure standards

Erasure standard Overwriting rounds
Air Force System Security Instruction 5020 4
Aperiodic random overwrite 1
Blancco SSD Erasure 2+ *
Bruce Schneier's Algorithm 7
BSI-GS 1-2 *
BSI-GSE 2-3 *
CESG CPA – Higher Level 3
Cryptographic Erasure 0 **
DoD 5220.22-M 3
DoD 5220.22-M ECE 7
NIST 800-88 Clear 0-1 *
NIST 800-88 Purge 0 *
Firmware Based Erasure 0 *
Extended Firmware Based Erasure 1 *
HMG Infosec Standard 5, Higher Standard 3
HMG Infosec Standard 5, Lower Standard 1
National Computer Security Center (NCSC-TG-025) 4
Navy Staff Office Publication (NAVSO P-5239-26) 3
NSA 130-1 3
OPNAVINST 5239.1A 3
Peter Gutmann's Algorithm 35
U.S. Army AR380-19 3

(*) Standard including a firmware based erasure step

(**) When a Cryptographic Erasure command is given, the drive self-generates a new media encryption key and goes into a 'new drive' state. Without the old key, the old data becomes irretrievable.