NASA approved :) - Githubissues

Audit Report from 2010-12-07 about "NASA’S DISPOSITION OF INFORMATION TECHNOLOGY EQUIPMENT"

Contractor personnel involved in the IT sanitization and disposition process at Kennedy, Johnson, and Ames were not sufficiently familiar with and did not follow NASA sanitization policy. Specifically, we identified instances at each of these three Centers where personnel used unapproved software to sanitize IT equipment. ... NASA’s Standard Operating Procedure lists only three approved sanitization software products:

Secure Erase

Darik’s Boot and Nuke (DBAN)

WipeDrive/WipeDrive Pro

However, we found instances at Kennedy, Johnson, and Ames of personnel using or recommending sanitization software not on the NASA-approved list:

USA used DataGone by Symantec to sanitize excess IT equipment at both Kennedy and Johnson. DataGone has not been approved by NASA or certified for use by other Federal agencies, including DOD and the National Security Agency.

Johnson’s disposition contractor, L&M Technologies, Inc., used both a NASA-approved software program (DBAN) and Active@KillDisk, which is not approved by NASA. When we informed L&M Technologies of the requirements in NASA’s Standard Operating Procedure, it stopped using the unapproved software.

The Ames IT Security Manager recommended that Center personnel use a sanitization software program called BCwipe, which is DOD-compliant and therefore permissible for use under Ames’ procedures. However, it is not on the NASA list of approved software.

IT personnel at each of the three Centers stated that they were not aware that some of the sanitization software they were using had not been approved by NASA. The use of unapproved software is a significant concern because unapproved software was used on some of the computers at Kennedy that failed verification testing.

source: https://oig.nasa.gov/audits/reports/FY11/IG-11-009.pdf

Might want to add it to the Wiki.

NHellFire / dban

NASA approved :) #29