NIST Drafting Guide on Media Sanitization
Evolving Storage Environment Creates Need for Revised GuidanceThe National Institute of Standards and Technology is revising guidance aimed to help organizations sanitize data based on the confidentiality of stored information.
Draft NIST Special Publication 800-88 Revision 1: Guidelines for Media Sanitization discusses methods, techniques and best practices for the sanitization of data on different types of media, employing risk-based approaches to establish and maintain a media sanitization program.
The revised guidance doesn't specifically address all known types of media, but it does describe a sanitization decision process that can be applied universally.
NIST is seeking public comment on the draft guidance to consider before issuing a final report. Comments should be submitted to 800-88r1Comments@nist.gov by Nov. 30.
Simply, sanitization makes accessing data on media unfeasible. The proposed guidance identifies three sanitization models:
- Clear: Applies logical techniques to sanitize data in all user-addressable storage locations for protection against simple non-invasive data recovery techniques. It's typically applied through the standard read and write commands to the storage device, such as by rewriting with a new value or using a menu option to reset the device to the factory state, where rewriting is not supported.
- Purge: Prescribes physical or logical techniques that render target data recovery infeasible using state-of-the-art laboratory techniques.
- Destroy: Renders target data recovery infeasible using state-of-the-art laboratory techniques and results in the subsequent inability to use the media for storage of data.
Shared Responsibility to Sanitize
NIST says the need for the revised guidance is tied to the rapidly evolving storage environment. Here's NIST's thinking:
Data created by one organization could pass through systems and storage media of many other enterprises before arriving at rest in the final destination. The pervasive nature of generating data is increasing as the Internet and data storage systems move toward a distributed cloud-based architecture. More organizations than ever are responsible for effectively sanitizing media and the potential is substantial for sensitive data to have been collected and retained on the media.
This responsibility isn't limited to organizations that created the data or host the final resting places of sensitive data, but also intermediaries who temporarily store or process the information along the way. The effective management of information from inception through disposition is the responsibility of all those who have handled the data.
The application of sophisticated access controls and encryption helps reduce the likelihood that an attacker can gain direct access to sensitive information. Organizations, therefore, attempting to obtain sensitive information might seek to focus their efforts on other ways of access, such as retrieving residual data on media that has left an organization without sufficiently being sanitized. The application of effective sanitization techniques and tracking of storage media are vital components of ensuring that sensitive data are effectively protected by an organization against unauthorized disclosure.
An organization could choose to dispose of media by charitable donation, internal or external transfer or by recycling if the media is no longer usable. Even internal transfers require increased scrutiny, as legal and ethical obligations make it important to safeguard data such as personally identifiable information. No matter what the final intended destination of the media is, it's important that the organization ensures that no easily re-constructible residual representation of the data is stored on the media after it has left the control of the organization or is no longer going to be protected at the confidentiality categorization of the data stored on the media.
NIST also points out that U.S. law advises federal system owners and custodians that excess equipment is "educationally useful" and "federal equipment is a vital national resource." Wherever possible, NIST advises, excess equipment and media should be made available to schools and not-for-profit organizations.