How do you ensure secure media sanitization for HDD?
Standard number: DS-11
This Standard supports and supplements Information Security (SPG 601.27). The Standard is mandatory and enforced in the same manner as the policy. It will be periodically reviewed and updated as necessary to meet emerging threats, changes in legal and regulatory requirements, and technological advances.

I. Overview

When files are improperly or inadequately purged from storage media, it is often still possible to reconstruct or retrieve data. In order to mitigate the potentially significant risk of unauthorized disclosure of U-M data classified as Restricted, High, or Moderate, storage media must be appropriately sanitized to prevent unauthorized access to or disclosure of sensitive institutional data. In addition to being a widely accepted security and privacy practice, effective media sanitization is required by some regulations that the university is obligated to follow, including HIPAA, GLBA, and ITAR and EAR (export control), as well as by government-funded research grants. Data must be permanently erased or purged from devices (e.g., computer, server, laptop, multi-function printer, medical equipment, cell phone, digital communications equipment) or storage media (e.g., CD, USB drive, workstation/server hard drives, external hard drives) prior to transfer within the university or other disposition. Effective media sanitization requires the application of certified techniques, appropriate to the classification level of the data and the type of media, to prevent recovery or reconstruction of residual data stored on the media.

II. Scope

This Standard applies to the Ann Arbor, Dearborn, and Flint campuses, as well as all schools, colleges, institutes, and Michigan Medicine. It further applies to:
III. Standard

Sanitization is defined as the erasure, overwriting, or destruction of storage media to the extent that data cannot be recovered using normal system functions or software data recovery utilities. It is assumed that all U-M owned devices have stored, at a minimum, data classified as Moderate. Consequently, all U-M owned devices must be sanitized according to this Standard at their end-of-life or prior to disposal as surplus. Specifically, no device or storage media containing personally identifiable information or any data classified as Restricted, High, or Moderate can be transferred or disposed of as surplus unless the appropriate UM-approved sanitization methodology has been completed and certified.

U-M Property Disposition has sole responsibility for the disposition of university-owned property, per Acquisition, Use and Disposition of Property (SPG 520.01). Units, departments, or individuals with U-M owned devices must either a) sanitize the devices using the procedure and method described below, or b) have Property Disposition do the sanitizing and be charged for their sanitization service.

For storage media containing data that is subject to regulation or contractual agreement requiring either (a) specific sanitization procedures or (b) a level of assurance of sanitization above that described in this Standard, the requirements in this Standard are superseded by the regulatory or contractual requirements, and responsible parties should employ methods that meet their specific, elevated requirements. The primary responsibility for sanitizing computer systems, electronic devices and media rests with the units, departments, or individuals that purchased them.
Appropriate sanitization can be accomplished by one of the following methods (additional guidance is available on Safe Computing):

Unit, Department, or Individual

The university has licensed tools for secure wiping or sanitization of all university-owned storage media and devices that have held Restricted, High, or Moderate data. Satisfactory execution of this software results in media and devices meeting NIST compliance standards for data destruction, which then allows for the safe recycling or other disposition of the media.
U-M Property Disposition

Storage media declared by units as surplus must be sent to U-M Property Disposition for reuse, disposal or destruction. In the absence of a Certificate of Sanitization/Physical Destruction provided by the unit, U-M Property Disposition will assume that a device has not been properly sanitized. It will erase or destroy the device using appropriate tools and assess the unit its standard fee for such service according to a service level agreement. Property Disposition will maintain the Certificate of Sanitization/Physical Destruction.

Physical Data and Device Destruction

In instances where secure erasure is not possible (e.g., the hard drive is inoperable), storage media should be physically destroyed using a physical destruction method that meets NIST SP 800-88. U-M Property Disposition maintains a contract with a third-party vendor, which units can use, for a fee, to physically destroy hard drives and receive a Certificate of Sanitization/Physical Destruction. Units are strongly discouraged from attempting to physically destroy storage media themselves.

Copiers, Fax Machines, Scanners, and Printers

Multifunction office devices usually retain a cached digital copy on the device's hard drive of some or all of the documents printed, scanned, or processed. It is important to take appropriate hardening steps to minimize the risk of loss or unauthorized disclosure of Restricted, High, or Moderate data that may be retained on both standalone and networked devices while in use by a unit or department. The physical security of removable hard drives must be properly accounted for when devices are undergoing maintenance work. Once a machine has reached the end of its useful life or lease, its transfer, return, or disposal must be preceded by rendering any cached sensitive information or data unrecoverable.
Licensed Software

In accordance with provisions of Software Procurement and Licensing Compliance (SPG 601.03-3), units and individuals should appropriately reuse, transfer, return, remove, or delete licensed software in compliance with licensing agreements before transferring or disposing of any storage media, to ensure that no software is disposed of or transferred in violation of its license. Specifically, all non-transferable licensed software should be permanently deleted before any electronic device or media is disposed of or transferred within or external to U-M.

Documentation

Units and individuals are required to document, and retain for a period of three years, a record of storage media data removal or destruction for all media that stored Restricted, High, or Moderate data.
V. Violations and Sanctions

Failure to properly purge data in a manner that renders the data unrecoverable may pose a significant risk to the university, since data often can easily be recovered with readily available tools. Violations of this Standard may result in disciplinary action up to and including suspension or revocation of computer accounts and access to networks, non-reappointment, discharge, dismissal, and/or legal action. Discipline (SPG 201.12) provides for staff member disciplinary procedures and sanctions. Violations of this policy by faculty may result in appropriate sanction or disciplinary action consistent with applicable university procedures. If dismissal or demotion of qualified faculty is proposed, the matter will be addressed in accordance with the procedures set forth in Regents Bylaw 5.09. In addition to U-M disciplinary actions, individuals may be personally subject to criminal or civil prosecution and sanctions if they engage in unlawful behavior related to applicable federal and state laws. Any U-M department or unit found to have violated this Standard may be held accountable for the financial penalties, legal fees, and other remediation costs associated with a resulting information security incident and other regulatory non-compliance.

VI. Implementation

Information Assurance is responsible for the implementation, maintenance and interpretation of this Standard.

VII. References
VIII. Related NIST Security Controls
How would you ensure secure media sanitization for an SSD?

For self-encrypting media, the sanitization steps are: erase the encryption key (or re-encrypt the media with a strong key and then erase the key used for re-encryption); clear the media as an additional step when key erasure cannot be verified; and remove any external markings or labels that indicate government ownership or data sensitivity.
What are some methods for sanitizing a drive?

The three most common techniques for properly sanitizing hard drives are:

- Physically destroying the drive, rendering it unusable.
- Degaussing the drive to randomize the magnetic domains, which most likely renders the drive unusable in the process (and does nothing for flash-based media, which holds no magnetic domains).
- Overwriting the drive's data so that it cannot be recovered, then reading the media back to verify the overwrite completed.

What is hard drive sanitization?

Data sanitization is the process of irreversibly removing or destroying data stored on a memory device (hard drives, flash memory and SSDs, mobile devices, CDs, DVDs, etc.) or in hard copy form.
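The overwrite technique above, and the "clear the media as an additional step when key erasure cannot be verified" requirement in the SSD answer, both come down to the same procedure: write a pattern over every byte of the target, flush it to stable storage, then read the whole target back and confirm nothing else survived. The script below is an added example written for this page, not code from the U-M standard or from any NIST publication. It assumes the target is a regular file or a raw block device opened read/write (a real drive such as /dev/sdX on Linux needs root), and the `make_sample_target` helper builds a constructed temporary file of random bytes so the example runs offline. Overwriting is a NIST SP 800-88 "Clear" technique for magnetic media; on SSDs it cannot reach over-provisioned or remapped cells, so the drive's own sanitize or crypto-erase command is the right tool there.

```python
"""Overwrite-and-verify (NIST SP 800-88 "Clear" style) for a file or block device.

Added example for this page; not part of the U-M standard. Assumes a
regular file or raw block device that the caller may open read/write.
"""
import os
import tempfile
from typing import Sequence, Tuple

CHUNK = 1 << 20  # 1 MiB I/O size for writes and read-back


def _pattern_block(pattern: bytes) -> bytes:
    """Repeat `pattern` to roughly CHUNK bytes, keeping a whole number of
    repetitions so every full chunk starts at the same pattern phase."""
    if not pattern:
        raise ValueError("pattern must be non-empty")
    reps = max(1, CHUNK // len(pattern))
    return pattern * reps


def overwrite(path: str, pattern: bytes = b"\x00") -> int:
    """Write `pattern` over every byte of `path` and fsync. Returns bytes written."""
    block = _pattern_block(pattern)
    with open(path, "r+b") as f:
        f.seek(0, os.SEEK_END)        # works for files and Linux block devices
        size = f.tell()
        f.seek(0)
        written = 0
        while written < size:
            n = min(len(block), size - written)
            f.write(block[:n])        # buffered write completes the whole slice
            written += n
        f.flush()
        os.fsync(f.fileno())          # do not trust the page cache as "erased"
    return written


def verify(path: str, pattern: bytes = b"\x00") -> Tuple[bool, int]:
    """Read every byte back and compare against `pattern`.

    Returns (True, -1) when the whole target matches, otherwise
    (False, offset_of_first_mismatching_byte).
    """
    plen = len(pattern)
    expected = pattern * (CHUNK // plen + 2)  # long enough for any phase
    offset = 0
    with open(path, "rb") as f:
        while True:
            data = f.read(CHUNK)
            if not data:
                return True, -1
            phase = offset % plen
            want = expected[phase:phase + len(data)]
            if data != want:
                for i, (got, exp) in enumerate(zip(data, want)):
                    if got != exp:
                        return False, offset + i
            offset += len(data)


def sanitize(path: str, passes: Sequence[bytes] = (b"\x00",)) -> bool:
    """Run each overwrite pass in order, then verify the final pattern.

    A pass that is not verified is not a sanitization; the return value is
    what goes on the Certificate of Sanitization, not the fact that dd ran.
    """
    for pat in passes:
        overwrite(path, pat)
    ok, _ = verify(path, passes[-1])
    return ok


def make_sample_target(nbytes: int) -> str:
    """Constructed sample input: a temp file full of random bytes standing in
    for a drive that still holds data. Returns its path."""
    fd, path = tempfile.mkstemp(prefix="sanitize-demo-")
    with os.fdopen(fd, "wb") as f:
        remaining = nbytes
        while remaining > 0:
            n = min(CHUNK, remaining)
            f.write(os.urandom(n))
            remaining -= n
    return path


if __name__ == "__main__":
    target = make_sample_target(3 * CHUNK + 17)     # deliberately not chunk-aligned
    print("before:", verify(target))                 # (False, 0): random data present
    print("sanitized:", sanitize(target, passes=(b"\xff", b"\x00")))
    print("after:", verify(target))                  # (True, -1)
    os.remove(target)
```

Run it as root against a block device path instead of the sample file and the same `sanitize` call applies; keep the returned value and the pattern used in the three-year record the standard requires. The non-chunk-aligned size in the demo exercises the short final write and the read-back phase handling, which is where ad hoc wipe scripts most often leave a tail of the original data behind.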
What is the best data sanitization method?

Cryptographic erasure is a quick and effective method of data sanitization: instead of touching every sector, the key that encrypted the media is destroyed, which takes seconds and is the natural fit for self-encrypting drives and for devices that must be sanitized remotely or while in transit. It only works if every sector was encrypted from the device's first use and the key was never exposed, which is why NIST SP 800-88 accepts it as a purge method only when key destruction can be verified; when it cannot, follow it with a clear (overwrite) of the media as well.