Oct 01, 2020
The recommended deletion process is a three-step procedure: sanitization, verification and documentation. We detailed the sanitization method in our previous blog article on data sanitization, and in this article, we will elaborate on verification and documentation.
The NIST special publication 800-88 Revision 1 recommends two types of data sanitization verification. The first method is to perform verification every time sanitization is applied.The second is a representative sampling verification, applied to a selected subset of the media. It is recommended that the sampling should be executed by personnel who were not part of the original sanitization action to avoid any potential bias. The goal of sanitization verification is to ensure that the target data was effectively sanitized. SP 800-88 Revision 1 provides different methods of verification based on destructive techniques that have been used.
Also, verification process at following levels has been recommended.
Verification of Equipment
Verification of the sanitization process is not the only assurance required by the organization. If the organization is using sanitization tools (e.g., a degausser or a dedicated workstation), then equipment calibration, as well as equipment testing, and scheduled maintenance, is also needed. In case a software like Diskdeleter is used, the software vendor can take care of this but the organization needs to make sure it is running the latest version of the software for maximum efficiency.
Verification of Personnel Competencies
Another key element of verification is the potential training needs and current expertise of personnel conducting the sanitization. Organizations should ensure that equipment operators are competent to perform sanitization functions. What we have observed is that depending upon which organizational level data sanitization is applied, there may be different personnel involved. Following are four areas where data salinization may be required and different people will be responsible.
Verification of Sanitization Results
The goal of sanitization verification is to ensure that the target data was effectively sanitized. When supported by the device interface (such as an ATA or SCSI storage device or solid state drive), the highest level of assurance of effective sanitization (outside of a laboratory) is typically achieved by a full reading of all accessible areas to verify that the expected sanitized value is in all addressable locations. A full verification should be performed if time and external factors permit. This manner of verification typically only applies where the device is in an operational state following sanitization so that data can be read and written through the native interface.
If an organization chooses representative sampling, then the following main goals apply to electronic media sanitization verification:
Documentation of the process is critical. Following sanitization, a certificate of media disposition should be completed for each piece of electronic media that has been sanitized. A certification of media disposition may be a piece of paper or an electronic record of the action taken. For example, most modern hard drives include bar codes on the label for model and serial numbers. The person performing the sanitization might simply enter the details into a tracking application and scan each bar code as the media is sanitized. Automatic documentation can be important as some systems make physical access to the media very difficult. The decision regarding whether to complete a certificate of media disposition and how much data to record depends on the confidentiality level of the data on the media. For a large number of devices with data of very low confidentiality, an organization may choose not to complete the certificate. When fully completed, the certificate should record at least the following details:
Below is a sample Certificate Recommended by NIST-800 publication.