martijnvanbrummelen / nwipe

nwipe secure disk eraser
GNU General Public License v2.0

NIST 800-88 wipe method #160

Open IDerr opened 4 years ago

IDerr commented 4 years ago

Hello, I was reading an article from Blancco, when I saw this https://www.blancco.com/blog-dod-5220-22-m-wiping-standard-method/

Today, DoD 522.22-M is readily available as a data wiping option, but has been superseded by other data sanitization standards such as those from the National Institute for Standards and Technology: NIST 800-88 Clear and NIST 800-88 Purge (Our best practice download, “Data Sanitization in the Modern Age: DoD or NIST?” delves into this more.)

I found this on how to implement their standard

Supported three NIST 800-88 media sanitization standards:

1. The write head passes over each sector one time (0x00).

2. The write head passes over each sector one time (Random).

3. The write head passes over each sector three times (0x00, 0xFF, Random).

For details about this, the most secure data clearing standard, you can read the original article at the link below: http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_with-errata.pdf

https://www.killdisk.com/notes.htm

PartialVolume commented 4 years ago

Also connected to issue #150 where it should be possible to log the user who did the wipe.

Thanks @IDerr this is another wipe method we should add to nwipe.

louib commented 4 years ago

Link to SP 800-88 Rev. 1

Looks like https://github.com/martijnvanbrummelen/nwipe/issues/148 would also be required for implementing this method:

The storage device may support configuration capabilities that artificially restrict the ability to access portions of the media as defined in the ATA standard, such as a Host Protected Area (HPA), Device Configuration Overlay (DCO), or Accessible Max Address. Even when a dedicated sanitization command addresses these areas, their presence may affect the ability to reliably verify the effectiveness of the sanitization procedure if left in place. Any configuration options limiting the ability to access the entire addressable area of the storage media should be reset prior to applying the sanitization technique

PartialVolume commented 4 years ago

Thanks @louib, in my opinion the detection & appropriate handling of dco & hda should be a high priority for nwipe. It would contribute towards satisfying some requirements of a number of standards and of course the user could then be more confident all areas of the drive have been wiped, even those areas that may have been hidden by an OS or program.

deltabravozulu commented 4 years ago

+100 would love to see HPA+DCO detection and removal added.

Firminator commented 2 years ago

Adding DCO and HPA purge probably should go into a new milestone for v0.35.

PartialVolume commented 2 years ago

Yes, agreed.

YannickDeKoeijer commented 1 year ago

I was curious to know, because I can't seem to find it, if the HPA+DCO, but also the overall NIST800-88 methodology has been implemented? And if it is, where can I find some documentation on how to use this method successfully and according to standard?

PartialVolume commented 1 year ago

I was curious to know, because I can't seem to find it, if the HPA+DCO, but also the overall NIST800-88 methodology has been implemented? And if it is, where can I find some documentation on how to use this method successfully and according to standard?

No, HPA+DCO hasn't been directly implemented into nwipe yet, but it will most likely be implemented in the next release 0.35. HPA+DCO detection can be provided by hdparm, which is on the ShredOS bootable image/iso and probably every distro's repository.

The NIST800-88 guidelines can be found here: Guidelines for Media Sanitization, for those that are interested in reading them.

NIST800-88 is more than just a particular way a program writes patterns over the disc such as DoD 5220.22, it's really a set of guidelines for a company or organisation that helps them develop their own methodology based on the NIST800-88 guidelines. NIST800-88 documents not just the requirements of the software that performs the wipe but the responsibilities within an organisation in regards to destroying data on various bits of equipment, not just computer discs. That's not to say there aren't specific requirements of the software that performs the disc erasure as well. For instance, the guidelines' minimum requirement for a standard spinning disc is a single wipe of zeros with verification. Multiple wipes are optional.

Currently we haven't yet implemented some of the requirements, HPA+DCO, or secure erase, however these are in the pipeline. HPA+DCO+secure erase can all be implemented by hdparm for those that want to implement those checks in their wipe procedure prior to running nwipe. Open source software is OK to use as stated in the NIST guidelines, however an organisation should verify that the software does in fact do what it says it does, whether open source or proprietary.

Anybody that wants to wipe to NIST800-88 standards, by creating their own data destruction methodology using nwipe, ShredOS and hdparm, I would recommend you read the entire document above.
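
A pre-wipe HPA check of the kind the comment above delegates to hdparm, as an added example (not nwipe's code and not written by anyone in this thread): it parses `hdparm -N` output and reports how many sectors are hidden from the OS. The sample output is constructed, and `hidden_sectors` and `precheck_device` are hypothetical helper names.

```bash
#!/usr/bin/env bash
# Added example: flag a Host Protected Area from `hdparm -N` output before wiping.

# Constructed samples in the "max sectors = visible/native" layout of hdparm -N.
SAMPLE_HPA='
/dev/sdX:
 max sectors   = 586070255/586072368, HPA is enabled'
SAMPLE_CLEAN='
/dev/sdX:
 max sectors   = 586072368/586072368, HPA is disabled'

# hidden_sectors: read hdparm -N output on stdin, print native minus visible.
# The two counts are compared directly instead of trusting the trailing text.
# Returns 2 if no "max sectors" line is present (e.g. the device rejected it).
hidden_sectors() {
    local line visible native
    line=$(grep -m1 -E 'max sectors[[:space:]]*=[[:space:]]*[0-9]+/[0-9]+') || return 2
    visible=$(printf '%s\n' "$line" | sed -E 's/.*=[[:space:]]*([0-9]+)\/([0-9]+).*/\1/')
    native=$(printf '%s\n' "$line" | sed -E 's/.*=[[:space:]]*([0-9]+)\/([0-9]+).*/\2/')
    echo $(( native - visible ))
}

# precheck_device: print a verdict for one device's hdparm -N output (stdin).
# Exit 0 = full native range visible, 1 = sectors hidden, 2 = could not tell.
precheck_device() {
    local dev=$1 hidden
    hidden=$(hidden_sectors) || { echo "$dev: unknown (no max sectors line)"; return 2; }
    if [ "$hidden" -gt 0 ]; then
        echo "$dev: $hidden sectors hidden, reset the HPA before wiping"
        return 1
    fi
    echo "$dev: no HPA, full native range addressable"
}

# On real hardware (as root): hdparm -N /dev/sdX | precheck_device /dev/sdX
printf '%s\n' "$SAMPLE_HPA"   | precheck_device /dev/sdX || true
printf '%s\n' "$SAMPLE_CLEAN" | precheck_device /dev/sdX
```

A non-zero result means a wipe of the visible range would leave those sectors untouched; `hdparm --dco-identify` covers the DCO side and is not parsed here.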