Standards Overview

Summary Of Certified Erasure Verification Standards
NAID
DATE: Jan 2013 (NAID Certification Document)
Specifies that the quality control (verification) software be different from that used for sanitization.
Section 3.6:
• The quality control manufacturer is different from the sanitization software manufacturers, and the Company employee who performs the quality control is never the same person that performed sanitization on the same drive(s).
• A specific number or percentage of sanitized drives, as determined by the Company, is selected for quality control assessment on a routine basis.
• Also references some NIST SP 800-88 recommendations for log components.
R2 / RIOS
DATE: July 2013
Section 8: Data Destruction
The latest R2 standard specifically references SP 800-88 for all matters pertaining to data destruction. Verification is covered in subsections (a), (b) and (d). Subsection (d) specifically identifies the requirement for an independent party to perform the verification.
• (a) The R2:2013 electronics recycler shall adhere to the data sanitization, purging, or destruction practices described in the NIST Guidelines for Media Sanitization: Special Publication 800-88 (rev. 1) or another current generally-accepted standard, or be certified by a generally-accepted certification program.
• (b) An R2:2013 electronics recycler shall document its data destruction procedures and include this documentation as part of its EHSMS.
• (d) Data destruction processes shall be reviewed and validated by an independent party on a periodic basis as defined in the documentation called for in Section (b).
e-Stewards (Basel Action Network)
DATE: March 2013 (2.0) e-Stewards® Standard for Responsible Recycling and Reuse of Electronic Equipment©
e-Stewards indicates that further clarification is to follow but leaves 800-88 as the prevailing guideline for the broad spectrum of media sanitization, including verification.
"Broadly speaking, a refurbisher must demonstrate that they have the operational framework to conform to NIST 800-88 plus e-Stewards performance requirements, and they must have an information system that confirms conformance (i.e. evaluates successful data wiping) on a device-by-device basis."
Section 4.4.6.2 – Reuse and Refurbishment of Electronic Equipment
“5. Type of testing performed on each device or separate component and, if applicable, data sanitization (see 4.4.6.3),”
ADISA (Asset Disposal and Information Security Alliance)
DATE: March 2013
Under 3.4.1 Processing is this line item:
d. There must be a documented quality control process which will test a sample number of hard drives and all other data carrying assets after the data sanitization process has been completed.
Appendix 7
“Utilizing independent forensic experts, the Forensic specialist visits the ITAD and performs IT forensic recovery efforts on a sample of 5 different devices within finished goods to independently and randomly assess whether any residual data can be retrieved forensically after the data destruction process has been carried out.”
Summary Of Erasure Verification Guidelines
NIST SP 800-88
DATE: Nov 2012 (Rev. 1 of Original 2006 Document)
In most cases, standards adopted by non-governmental certifying organizations have been based wholly or partially on NIST SP 800-88: Guidelines for Media Sanitization.
Key elements:
Section 1.2 – Purpose and Scope
The organization tracks, documents, and verifies media sanitization and destruction
actions and periodically tests sanitization equipment/procedures to ensure correct
performance.
• 4.7.3 Verification of Sanitization Results: "As part of the sanitization process, in addition to the verification performed on each piece of media following the sanitization operation, a subset of media items should be selected at random for secondary verification using a separate validation tool. The secondary validation tool should be from a separate developer..."
• If, in cases of low risk tolerance, sampling is done after full verification, then a validation tool different from the one used in the original verification should be used.
• When using a representative sampling verification, the sampling should be executed by personnel who were not part of the original sanitization action.
• Select pseudorandom locations on the media each time the analysis tool is applied.
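The two sampling steps these guidelines describe, picking a random subset of sanitized drives for a second check and reading pseudorandom locations on each one, as an added Python illustration that is not part of any of the standards above. The 512-byte sector size, the all-zero expected fill, the drive identifiers and the in-memory media image are constructed assumptions; on a real drive the image would be replaced by reads from the block device.

```python
"""Secondary sanitization verification by pseudorandom sampling (added example)."""
import random
import secrets

SECTOR = 512  # assumed logical sector size


def select_for_secondary_check(drive_ids, percent, seed=None):
    """Pick `percent` of the sanitized drives (at least one) for QC.

    A fresh seed per run keeps the selection unpredictable to whoever
    performed the wipe; passing a fixed seed makes the choice reproducible.
    """
    rng = random.Random(secrets.randbits(64) if seed is None else seed)
    count = max(1, round(len(drive_ids) * percent / 100))
    return sorted(rng.sample(list(drive_ids), count))


def sample_offsets(media_size, samples, seed=None):
    """Return sorted, distinct, sector-aligned pseudorandom byte offsets.

    A new seed on every run means each application of the tool looks at
    different locations, as the 800-88 guidance above recommends.
    """
    rng = random.Random(secrets.randbits(64) if seed is None else seed)
    sectors = media_size // SECTOR
    picked = rng.sample(range(sectors), min(samples, sectors))
    return sorted(s * SECTOR for s in picked)


def verify_sample(media, samples, seed=None, fill=0x00):
    """Read pseudorandom sectors and report any not equal to the expected fill.

    `media` is the raw content (a bytes-like image). The returned dict is
    the record a QC log would keep for the drive.
    """
    offsets = sample_offsets(len(media), samples, seed)
    residual = [off for off in offsets
                if any(b != fill for b in media[off:off + SECTOR])]
    return {
        "sectors_checked": len(offsets),
        "residual_offsets": residual,
        "passed": not residual,
    }


if __name__ == "__main__":
    # Constructed image: 4096 zeroed sectors with one sector of leftover data.
    image = bytearray(4096 * SECTOR)
    image[100 * SECTOR:101 * SECTOR] = b"\xAA" * SECTOR
    print(verify_sample(bytes(image), samples=256))
```

A sample that misses the dirty sector is the expected failure mode of sampling; it is why the guidelines pair it with full per-drive verification rather than replacing it.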