In January of 1995, as the result of a presidential order, the U.S. Department of Defense introduced the National Industry Operating Program Operating Manual (NISPOM), more commonly known as the "DoD 5220.22.M" standard. This new standard, developed collaboratively by the government and industry, offered new and improved operational guidelines and processes to securely safeguard our nation’s government technology and information. The standard addresses the protection of atomic energy, nuclear weapons and other highly sensitive confidential information held by the Dept. of Defense, the Dept. of Energy and other government entities.
At first glance, the standard’s reliance on government processes to ensure information security may seem somewhat arcane. To the contrary, the two page chart found in the back of the 135 page document has perhaps made the most significant impact on the data destruction industry. In this chart, there is a variety of storage media listed with two adjacent columns - one labeled "clear" and another "sanitize". It is actually one line in this chart that indicates hard drives, can be "cleared" with a single pass data overwrite data and can be "sanitized" with a three pass data overwrite.
Ironically, the document does very little to discuss when a single-pass is appropriate and when a triple-pass is appropriate. In fact, during the 2006 National Association of Information Destruction (NAID) annual conference in Scottsdale, Arizona, one of the most highly regarded and leading researchers in data destruction and forensics science, Simson Garfinkel Phd (co-author of "Remembrance of Data Passed: A Study Disk Sanitization Processes", IEEE 2003 and presently a professor at Harvard) was asked by the author of this article about the scientific significance between a single-pass and a triple-pass. Garfinkel explained that he had located original members of the 5220.22.m standards team and had asked how a single-pass and triple-pass standard was determined to be an appropriate methodology. The response was, "it sounded like a good idea." In fact, there is no documented scientific evidence that either single or triple-pass is superior at securing data.
In 2006, the 5220.22-m standard was updated and revised. The chart that discussed a 1-pass and 3-pass overwrite was removed. For more than 5 years, the number of hard drive overwrite passes has not been in the DoD 5220.22-m standard.
By the fall of 2006, as the result of a sponsorship from the Department of Homeland Security, a new standard for a practical approach to information security and media sanitizations was introduced by the National Institute of Standards and Technology. The objective of the NIST 800-88 standard is to provide an effective framework and an effective decision making process to handle media that will be ultimately reused or disposed of.
Key sections of the standard include:
- Section 1 explains the authority, purpose and scope, audience, and assumptions of the document, and outlines its structure.
- Section 2 presents an overview of the need for sanitization and the basic types of information, sanitization, and media.
- Section 3 provides general information on roles and responsibilities that influence sanitization decisions.
- Section 4 provides the user with a process flow to assist with sanitization decision making.
- Section 5 provides a summary of several general sanitization techniques.
- Appendix A contains a matrix of media with minimum recommended sanitization techniques for clearing, purging, or destroying various media. This appendix is to be used with the decision flow chart provided in Section 5.
- Appendix B contains a glossary defining terms used in this guide.
- Appendix C contains a listing of tools and external resources that can be referenced for assistance with media sanitization.
- Appendix D contains information sanitization considerations for a home user or telecommuter who may not have access to organizational resources.
- Appendix E contains a listing of sources and correspondence that was essential in developing this guide.
- Appendix F contains a sample sanitization form for documenting sanitization activities in an organization.
Two key distinctions about NIST 800-88 are noteworthy:
- The standard offers a process and a way to think about what methodology(ies) are appropriate for data destruction requirements
- Today’s media can be effectively cleared by one overwrite
The ultimate conclusions from NIST 800-88 are:
- Process should be the main component of effective data destruction rather than the number of data overwrites
- A single pass overwrite is suitable for data destruction, saving time and money while providing secure data destruction
Much of the data privacy and compliance industry has focused on a 15 year old standard, DoD 5220.22-m that was retired long ago. It is promising that a newer standard, NIST 800-88, is available and can provide guidelines for better decision making and policy development for effective data privacy and destruction.
About the Author: Dag Adamson is President of LifeSpan Technology Recycling - a national IT Asset Disposition (ITAD) vendor, with primary facilities in Boston, Tampa, Omaha, Denver, and San Diego. Dag has contributed in the development of industry standards including: AAA NAID certification for data sanitization and EPA-lead R2 – Responsible Recycling and has conducted research and published numerous articles on data destruction. Dag is a graduate of Worcester Polytechnic Institute - BS-EE and Boston College – MBA. You may reach Mr. Adamson at firstname.lastname@example.org.