NIST 800-88 guideline states that Federal agencies must use FIP 140 validated encryption modules to attain the required level of assurance with CE. The Cryptographic Erase technique sanitizes the target data’s encryption key such that the encrypted data cannot be decrypted and thus turns into an unrecoverable state.Ĭryptographic erasure is an efficient and straightforward method to sanitize SEDs however, its efficacy depends on the cryptographic key or algorithm’s strength. SEDs are hard drives with integrated and always-on encryption of data, enabled using a cryptographic key directly accessible to the device. Cryptographic Erase (CE) is used for the erasure of a Self-Encrypting Drive (SED).There are multiple ways to implement NIST Purge for overwriting the data : NIST 800-88 Purge method uses physical or logical techniques to render the HDD or SSD data unreadable and irretrievable using data recovery tools or methods.
It also suggests using the SECURITY ERASE UNIT command to overwrite the SSD, if supported.
NIST 800-88 Clear method recommends using at least a single write pass with a fixed value to overwrite the drive. The Clear method can also involve factory resetting the device if rewriting is not supported. The goal of the Clear method is to overwrite the storage sector with non-sensitive values using non-invasive read/write commands. NIST Clear method is based on erasing the data stored in all user-addressable locations on PATA, SATA, eSATA, and other ATA hard disk drives (HDD). NIST 800-88 suggests Clear and Purge as the two methods to overwrite (i.e., erase) the target data on a hard drive using a mix of logical and physical techniques. NIST 800-88 is one such prevalent standard, providing in-depth coverage on media sanitization types, implementation techniques, usage scenarios, etc. Several standards govern the media sanitization procedures, including data erasure. Data erasure and other media sanitization procedures are essential protocols in the IT asset management policies of such privacy-focused organizations. In such scenarios, the organization needs to erase the hard drives following the standard procedures to ensure the permanent removal of the complete data in line with applicable data protection laws. For example, an organization may need to dispose of the used hard disk drives, solid-state drives, or devices with built-in storage, or it might be returning the storage devices acquired on lease. Protecting this data from leakage and breach is crucial for organizations, significantly when the hard drive’s custody or ownership changes.
Modern hard drives inside computers and servers can store humongous data reaching terabytes in size.
0 kommentar(er)
