Knogle
commented
2 days ago I've gone through in depth, looks like a nice goal. I also have specific use cases for that.
Open fthobe opened 2 weeks ago
Knogle
commented
2 days ago I've gone through in depth, looks like a nice goal. I also have specific use cases for that.
WARNING Rolling Release Base, Changes / Additions might occur
Current State of Issue
Missing Components in this issue
Data Wipe Certification According to Standard
The current certification provides significant value, but does not contain all mandatory and / or optional fields to certify the destruction of the disk contained data. This issue outlines eventual shortcomings.
Applies to following standards
The following table illustrates the requirements for the documentation of a sanitisation according to various standards. Currently documented are:
US: NIST SP 800-88 Rev. 1 requires a form similar to the appendix of the linked standard.
US: DoD I 8500.01 (refers to NIST SP 800-88) DOD M 4160.21 Vol 4 requires form 2500 similar to the document here.
US: DoD 5220.22-M requires a very reduced form
Canada: ITSP 40006: see US: NIST SP 800-88 Rev. 1
Germany: CON.6
Particular Requirements
Different Tool for Verification
Following standards require a different tool for verification:
Control of Disk Size
Following Standards require to mathematically compare disk size before cancellation and after verification:
Validation of Tool itself
Following standards require to validate if the tool used is tamper free (eg checksum of binary)
Tool needs to be bootable
Following standards require the applications to run from a bootable device:
Following Standards require to Destroy Disks with Bad Sectors
Following standards require to verify bad sectors for successful erasure or otherwise return failed:
Overwrite with Random Values
Following Standards require PNRG Streams to overwrite
DOES NOT APPLY TO FOLLOWING STANDARDS
Additional Sources