Digital Media Sanitization

Uploaded by: Eli Jorgenson

Standard Operating Procedure
Digital Media Sanitization
ITS-SOP-0035
Version Date: 20080915
Effective Date: 20080915
Expiration Date: 20110915
Responsible Office: Office of the Chief Information Officer

Document Change and Review History

Version Number | Summary of Changes | Changes Made/Reviewed By | Date

Table of Contents

1.3 Applicable Documents
1.4 Digital Media Sanitization
1.5 Digital Media Sanitization Process
1.5.1 Methods
1.5.2 Selection
1.5.3 Approved Sanitization Tools
1.5.4 Recording and Verifying Sanitization
1.5.5 Special Considerations
1.6 Media Sanitization Roles and Responsibilities
1.6.1 Information System Owner
1.6.2 Media Sanitization Personnel
2. Approval
Appendix A: Glossary
Appendix B: Media Sanitization Record Form

1. Introduction

1.1 Purpose

The purpose of this Standard Operating Procedure (SOP) is to protect NASA information and to ensure that there is no accidental leakage; therefore, it institutes a procedure for sanitizing electronic storage devices.

The variety and capacity of electronic storage devices is increasing, and many of them are portable. As a result, there is an increased risk that NASA information could be used inappropriately. All NASA information has a low, moderate, or high security impact level. The approved method for sanitizing an electronic storage media device depends on the security impact level of the information stored on it.

1.2 Scope

Any electronic storage device that has ever contained NASA information, even for a brief period of time, must be sanitized before it can be reassigned, transferred, or discarded. This SOP applies to all information system owners, who are required to follow these procedures from the creation to the disposal of all information that is stored on information technology (IT) systems under their control.

This SOP does not cover classified information. Centers must contact the Office of Security and Program Protection (OSPP) for instructions on sanitizing or destroying classified information. In addition, this SOP does not cover destruction of hard-copy material.

1.3 Applicable Documents

This guidance was developed in accordance with the following regulatory mandates, directives, and federal publications:

- Federal Information Processing Standards (FIPS) Publication, Standards for Security Categorization of Federal Information and Information Systems, February 2004
- National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 (Revision 2), Recommended Security Controls for Federal Information Systems, December 2007
- NIST SP 800-53A, Guide for Assessing the Security Controls in Federal Information Systems, July 2008
- NIST SP 800-88, Guidelines for Media Sanitization, September 2006
- National Security Agency (NSA) Storage Devices Destruction m
- Department of Defense (DoD) 5520.22-M National Industrial Security Program Operating Manual (NISPOM)

1.4 Digital Media Sanitization

The need to sanitize a storage device generally falls into one of the following categories:

a. The storage device is being repurposed or reissued within NASA
b. The storage device is being repurposed, or reissued outside of NASA, or is otherwise temporarily or permanently leaving NASA's control
c. The storage device will no longer be used by NASA or any other party

Two factors combine to determine the proper method of sanitizing a storage device:

a. The mechanics of the method must correspond to the nature of the storage device. For example, a method that works on a hard disk might not work on a flash drive. (An example of the mechanics of this method is performing a three-pass DoD 5220.22M wipe)
b. The thoroughness of the method must correspond to the security category of the information on the storage device and to the storage device's future use

Sometimes there is more than one method of sanitizing a given device. In that case, rank them in order of effectiveness, and use the most effective method that is available.

1.5 Digital Media Sanitization Process

Sanitization is the process of removing data from storage devices so that it is impossible or nearly impossible to recover it. The sanitization method depends on the type of storage devices, and it can include removing labels, markings, and activity logs.

1.5.1 Methods

According to NIST SP 800-88, there are three primary methods for sanitizing storage devices:

a. Clearing the data
b. Purging the data
c. Destroying the data

In this publication, the terms "clear" and "purge" are interchangeable. It has been determined that, in the case of NASA information, "clearing" satisfies NIST's guidance for "purging."

Note: Using an approved mechanism for destroying storage devices, even when it is not required, is always an acceptable way to ensure the storage device is properly sanitized.

1.5.2 Selection

Use the following two tables to select the sanitization method whose thoroughness corresponds to the security category of the information on the storage device and to the storage device's future use.

Table 9-1 applies to storage devices containing information with a low or moderate security impact level.

Acceptable Sanitization Methods
Security Impact Level: Low or Moderate
Rows: Repurposed or Reissued (under NASA control); Repurposed or Reissued (not under NASA control); Discarded (not under anyone's control)
[The acceptable method for each row is not legible in the transcription.]
Table 9-1: Sanitization Method - Low or Moderate Impact Level

Table 9-2 applies to storage devices containing information with a high security impact level.

Acceptable Sanitization Methods
Security Impact Level: High
Rows: Repurposed or Reissued (under NASA control); Repurposed or Reissued (not under NASA control); Discarded (not under anyone's control)
[The acceptable method for each row is not legible in the transcription.]
Table 9-2: Sanitization Method - High Impact Level

After determining the method (clear or destroy) from Table 9-1 or 9-2 above, consult the following tables for the appropriate mechanisms for carrying out that method. If there is more than one mechanism in the list, select the one that can be done the easiest, as they are all sufficient. Tables 9-3 through 9-10 detail the various media types and their associated sanitization mechanisms.

Table 9-3: Hand-Held Devices - Sanitization Mechanisms
Table 9-4: Networking - Sanitization Mechanisms
Table 9-5: Magnetic Disks - Sanitization Mechanisms
Table 9-6: Magnetic Tape - Sanitization Mechanisms
Table 9-7: Optical Disks - Sanitization Mechanisms
Table 9-8: Memory - Sanitization Mechanisms
Table 9-9: Magnetic Cards - Sanitization Mechanisms
Table 9-10: Other Equipment - Sanitization Mechanisms

Sanitization Mechanisms for hand-held devices:

Cell Phones
  Clear mechanisms:
  - Delete all information manually. This includes the call history and all phone numbers.
  - Perform a full reset. Use the manufacturer's documentation or contact the manufacturer for the method of restoring the factory default settings.
  Destroy mechanisms:
  - Shred
  - Disintegrate
  - Pulverize
  - Incinerate it in a licensed facility

Personal Digital Assistants (PDAs)
  Clear mechanisms:
  - Delete all information manually
  - Perform a full reset. Use the manufacturer's documentation or contact the manufacturer for the method of restoring the factory default settings.
  Destroy mechanisms:
  - Incinerate it in a licensed facility
  - Shred
  - Pulverize

Table 9-3: Hand-Held Devices - Sanitization Mechanisms

Sanitization Mechanisms for networking devices:

Routers (any type)
  Clear mechanisms:
  - Perform a full reset. Use the manufacturer's documentation or contact the manufacturer for the method of restoring the factory default settings.
  Destroy mechanisms:
  - Shred
  - Disintegrate
  - Pulverize
  - Incinerate it in a licensed facility

Table 9-4: Networking - Sanitization Mechanisms

Sanitization Mechanisms for magnetic disks:

ATA Hard Drives
  Clear mechanisms:
  - Purge with Secure Erase. The Secure Erase software can be downloaded from the University of California, San Diego (UCSD) CMRR site.
  - Purge in an NSA/CSS-approved automatic degausser or disassemble the drive and purge the enclosed platters with an NSA/CSS-approved degaussing wand.
  - Purge with agency approved and validated purge technologies or tools.
  Degaussing any current generation hard disk renders it permanently unusable.
  Destroy mechanisms:
  - Shred
  - Disintegrate
  - Pulverize
  - Incinerate it in a licensed facility

USB Removable Storage (pen drives, thumb drives, flash drives, memory sticks, or USB-powered hard drives)
  Clear mechanisms:
  - Purge with Secure Erase. The Secure Erase software can be downloaded from the University of California, San Diego (UCSD) CMRR site.
  - Purge in an NSA/CSS-approved automatic degausser or disassemble the drive and purge the enclosed platters with an NSA/CSS-approved degaussing wand.
  - Purge with agency approved and validated purge technologies or tools.
  Degaussing any current generation hard disk renders it permanently unusable.
  Destroy mechanisms:
  - Shred
  - Disintegrate
  - Pulverize
  - Incinerate it in a licensed facility

Zip Disks
  Clear mechanisms:
  - Overwrite the entire medium by using agency approved and validated overwriting technologies, methods, and tools.
  Destroy mechanisms:
  - Shred
  - Incinerate it in a licensed facility

SCSI Drives
  Clear mechanisms:
  - Overwrite the entire medium by using agency approved and validated overwriting technologies, methods, and tools.
  Destroy mechanisms:
  - Shred
  - Disintegrate
  - Pulverize
  - Incinerate it in a licensed facility

Table 9-5: Magnetic Disks - Sanitization Mechanisms

Sanitization Mechanisms for magnetic tape:

Reel and Cassette
  Clear mechanisms:
  - Overwrite or degauss the tape.
  Overwriting (also called re-recording) a tape is most often impractical, because it takes a very long time. Overwrite (re-record) the tape on a system that is similar to the one that originally recorded the data. For example, overwrite previously recorded sensitive VHS videos on a comparable VHS recorder. Overwrite the entire tape once with known non-sensitive signals.
  Destroy mechanisms:
  - Incinerate the tapes in a licensed facility
  - Shred
  It is not necessary to prepare the tape for destruction, for example, by removing it from the reel or cassette. However, it may be necessary to do so for recycling or to comply with the destruction facility's requirements.

Table 9-6: Magnetic Tape - Sanitization Mechanisms

Sanitization Mechanisms for optical disks:

CDs
  Clear mechanisms:
  Use the destroy mechanisms
  Destroy mechanisms:
  - Use a commercial optical-disk grinding device to remove the information bearing layers.
  - Incinerate the optical disk in a licensed facility.
  - Use an optical-disk shredder or disintegrator device to reduce the CD to particles that have a nominal edge dimension of five millimeters and surface area of twenty-five square millimeters, or smaller.
  This is the currently acceptable particle size. New disk shredders must reduce the disk to particles with a surface area of 0.25mm.

DVDs
  Clear mechanisms:
  Use the destroy mechanisms
  Destroy mechanisms:
  - Use a commercial optical-disk grinding device to remove the information bearing layers.
  - Incinerate the optical disk in a licensed facility.
  - Use an optical-disk shredder or disintegrator device to reduce the CD to particles that have a nominal edge dimension of five millimeters and surface area of twenty-five square millimeters, or smaller.
  This is the currently acceptable particle size. New disk shredders must reduce the disk to particles with a surface area of 0.25mm.

Table 9-7: Optical Disks - Sanitization Mechanisms

Sanitization Mechanisms for memory devices:

Compact Flash Drives, SD
  Clear mechanisms:
  - Overwrite the entire medium by using agency approved and validated overwriting technologies, methods, and tools. Table 11 below may provide appropriate tools to accomplish this task.
  Destroy mechanisms:
  - Shred
  - Disintegrate
  - Pulverize
  - Incinerate it in a licensed facility

Dynamic Random Access Memory (DRAM)
  Clear mechanisms:
  Purge the DRAM as follows:
  - Power it off
  - Remove the battery (if there is one)
  Destroy mechanisms:
  - Shred
  - Disintegrate
  - Pulverize

Electronically Alterable PROM (EAPROM)
  Clear mechanisms:
  - Perform a full chip purge as described in the manufacturer's data sheets
  Destroy mechanisms:
  - Shred
  - Disintegrate
  - Pulverize

Electronically Erasable PROM (EEPROM)
  Clear mechanisms:
  - Overwrite the entire medium by using agency approved and validated overwriting technologies, methods, and tools.
  - Remove all labels or markings that indicate the previous use or confidentiality.
  Destroy mechanisms:
  - Shred
  - Disintegrate
  - Pulverize
  - Incinerate it in a licensed facility

Erasable Programmable ROM (EPROM)
  Clear mechanisms:
  - Clear functioning EPROM by performing an ultraviolet purge following the manufacturer's recommendations, but for three times the recommended length of time.
  - Overwrite the entire medium by using agency approved and validated overwriting technologies, methods, and tools.
  Destroy mechanisms:
  - Shred
  - Disintegrate
  - Pulverize
  - Incinerate it in a licensed facility

Field Programmable Gate Array (FPGA) Devices (Non-Volatile)
  Clear mechanisms:
  - Overwrite the entire medium by using agency approved and validated overwriting technologies, methods, and tools
  Destroy mechanisms:
  - Shred
  - Disintegrate
  - Pulverize

Field Programmable Gate Array (FPGA) Devices (Volatile)
  Clear mechanisms:
  Clear functioning FPGA as follows:
  - Power it off
  - Remove the battery (if there is one)
  Destroy mechanisms:
  - Shred
  - Disintegrate
  - Pulverize

Flash Cards
  Clear mechanisms:
  - Overwrite the entire medium by using agency approved and validated overwriting technologies, methods, and tools. Table 11 below may provide appropriate tools to accomplish this task.
  Destroy mechanisms:
  - Shred
  - Disintegrate
  - Pulverize

Flash EPROM (FEPROM)
  Clear mechanisms:
  - Overwrite the entire medium by using agency approved and validated overwriting technologies, methods, and tools
  - Perform a full chip purge as described in the manufacturer's data sheets.
  Destroy mechanisms:
  - Shred
  - Disintegrate
  - Pulverize
  - Incinerate it in a licensed facility

Magnetic Core Memory / Magnetic Bubble Memory
  [The transcription runs the entries for these two rows together; the degausser entry appears next to the Magnetic Core Memory label.]
  Clear mechanisms:
  - Overwrite the entire medium by using agency approved and validated overwriting technologies, methods, and tools (listed once for each row)
  - Degauss in an NSA/CSS-approved degausser
  Destroy mechanisms (listed once for each row):
  - Shred
  - Disintegrate
  - Pulverize
  When practical, the outer chassis and electronic circuit boards should be removed from the core memory unit to optimize the performance of the destruction device. (stated twice)

Non Volatile RAM (NOVRAM)
  Clear mechanisms:
  - Overwrite the entire medium by using agency approved and validated overwriting technologies, methods, and tools. Each overwrite must remain in memory for a period longer than the data did.
  - Remove all power, including battery power.
  Destroy mechanisms:
  - Shred
  - Disintegrate
  - Pulverize

PC Cards or Personal Computer Memory Card International Association (PCMCIA) Cards
  Clear mechanisms:
  Use the destroy mechanisms
  Destroy mechanisms:
  Destroy by incinerating in a licensed facility or use (an NSA evaluated) a disintegrator to reduce the card's internal circuit board and components to particles that are nominally two (2) millimeters in size.

Programmable ROM (PROM)
  Clear mechanisms:
  Use the destroy mechanisms
  Destroy mechanisms:
  [Not present in the transcription.]

RAM
  Clear mechanisms:
  Purge the functioning DRAM as follows:
  - Power it off
  - Remove the battery (if there is one)
  Destroy mechanisms:
  - Shred
  - Disintegrate
  - Pulverize

ROM
  Clear mechanisms:
  Use the destroy mechanisms
  Destroy mechanisms:
  - Shred
  - Disintegrate
  - Pulverize

USB Storage Devices (pen drives, thumb drives, flash drives, memory sticks) - not including hard drives
  Clear mechanisms:
  - Overwrite the entire medium by using agency approved and validated overwriting technologies, methods, and tools
  Destroy mechanisms:
  - Shred
  - Disintegrate
  - Pulverize

Smart Cards
  Clear mechanisms:
  Use the destroy mechanisms
  Destroy mechanisms:
  For smart card devices & data storage tokens that are in credit card form, cut or crush the smart card's internal memory chip using metal snips, a pair of scissors, or a strip cut shredder (nominal 2 mm wide cuts). Smart cards packaged into tokens (i.e. SIM chips, thumb drives and other physically robust plastic packages) that are not capable of being shredded should instead be destroyed via incineration or disintegration to 2 mm size particles.

Table 9-8: Memory - Sanitization Mechanisms

Sanitization Mechanisms for magnetic cards:

Magnetic Cards
  Clear mechanisms:
  - Overwrite the entire medium by using agency approved and validated overwriting technologies, methods, and tools
  Destroy mechanisms:
  - Shred
  - Incinerate by burning in a licensed facility

Table 9-9: Magnetic Cards - Sanitization Mechanisms

Sanitization Mechanisms for other equipment:

Copy Machines
  Clear mechanisms:
  - Perform a full reset. Use the manufacturer's documentation or contact the manufacturer for the method of restoring the factory default settings.
  Destroy mechanisms:
  - Shred
  - Disintegrate
  - Pulverize
  - Incinerate it in a licensed facility

Fax Machines
  Clear mechanisms:
  - Perform a full reset. Use the manufacturer's documentation or contact the manufacturer for the method of restoring the factory default settings.
  Destroy mechanisms:
  - Shred
  - Disintegrate
  - Pulverize
  - Incinerate it in a licensed facility

Table 9-10: Other Equipment - Sanitization Mechanisms

1.5.3 Approved Sanitization Tools

The National Security Agency (NSA) provides a list of evaluated products that are acceptable and approved for high-security disintegrators, optical storage devices destruction devices, punched tape destruction devices, and degaussers. This list can be found at http://www.nsa.gov/ia/government/mdg.cfm.

Additionally, for the electronic wiping of certain digital storage devices, NASA has approved the use of the following tools:

Product Name | Website
Secure Erase | http://cmrr.ucsd.edu/Hughes/SecureErase.html
Darik's Boot and Nuke (DBAN) | http://dban.sourceforge.net
WipeDrive/WipeDrive Pro | http://www.whitecanyon.com

Table 10-1: Approved Sanitization Tools

1.5.4 Recording and Verifying Sanitization

In order to ensure proper record keeping and fully meet NIST requirements, it is important that records are kept surrounding sanitization activities for media for systems with a HIGH security impact level. These records must be kept for systems with a security impact level of HIGH and are optional for systems with a security impact level of MODERATE or LOW. The form found in Appendix B has the information that should be recorded and tracked for these systems.

In addition to sanitization and record keeping activities, it is also necessary to periodically test the sanitization equipment and procedures to ensure they are performing as intended. Those involved with sanitization of media should periodically attempt to access and recover information that they have just sanitized after following their procedures. If information was successfully recovered, then the media should not be considered sanitized and the procedures and equipment should be thoroughly examined to determine where the failure occurred.

1.5.5 Special Considerations

The following should be taken into consideration when destroying digital storage devices:

a. Avoid the unauthorized destruction of records.
b. Do not sanitize electronic storage devices that contain federal records as defined in NASA Procedural Directive (NPD) 1440.6G.
c. If you are destroying records in compliance with their approved retention schedule, as in NPR 1441.1 0, you can sanitize the storage device.
d. If there is any uncertainty, Centers should contact their local Records Manager for assistance.

1.6 Media Sanitization Roles and Responsibilities

The following roles and responsibilities are applicable to this SOP.

1.6.1 Information System Owner

The Information System Owner is responsible for ensuring that media associated with their systems are properly sanitized when appropriate.

1.6.2 Media Sanitization Personnel

Media sanitization personnel are responsible for ensuring media is sanitized in an approved manner consistent with what is described in this SOP.
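An added example (not part of the SOP) of the periodic check described in Section 1.5.4: after an overwrite, read the media back and treat any block that is not the expected fill value as a failed sanitization, keeping readable text as evidence. It assumes a single-pass overwrite with a constant fill byte captured as a raw image file; the function names and the sample image are constructed for illustration.

```python
import os
import random
import re
import tempfile
from dataclasses import dataclass, field

BLOCK = 4096  # bytes compared per read
PRINTABLE = re.compile(rb"[\x20-\x7e]{8,}")  # runs of 8+ printable ASCII bytes


@dataclass
class Report:
    blocks_total: int = 0
    blocks_checked: int = 0
    residue: dict = field(default_factory=dict)  # byte offset -> readable strings

    @property
    def sanitized(self):
        # Nothing checked is not a pass; any leftover block is a failure.
        return self.blocks_checked > 0 and not self.residue


def verify_overwrite(path, fill=0x00, sample=1.0, seed=None):
    """Read back an overwritten image and flag every block that is not made up
    entirely of the expected fill byte. sample < 1.0 checks a random subset."""
    size = os.path.getsize(path)  # image file; a raw device needs its size another way
    total = (size + BLOCK - 1) // BLOCK
    report = Report(blocks_total=total)
    if total == 0:
        return report
    picks = range(total)
    if sample < 1.0:
        count = max(1, int(total * sample))
        picks = sorted(random.Random(seed).sample(range(total), count))
    with open(path, "rb") as dev:
        for index in picks:
            dev.seek(index * BLOCK)
            data = dev.read(BLOCK)
            report.blocks_checked += 1
            if data.count(fill) != len(data):
                # Keep readable text as evidence of what survived the wipe.
                report.residue[index * BLOCK] = [
                    m.group().decode("ascii") for m in PRINTABLE.finditer(data)
                ]
    return report


def build_sample_image(path, blocks=64, leftover_block=None):
    """Constructed test input: a zero-filled image, optionally with one block
    that the wipe missed."""
    with open(path, "wb") as img:
        img.write(bytes(BLOCK * blocks))
        if leftover_block is not None:
            img.seek(leftover_block * BLOCK + 100)
            img.write(b"CONSTRUCTED-RECORD: sample leftover text")


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        clean = os.path.join(tmp, "clean.img")
        missed = os.path.join(tmp, "missed.img")
        build_sample_image(clean)
        build_sample_image(missed, leftover_block=37)
        return verify_overwrite(clean), verify_overwrite(missed)


if __name__ == "__main__":
    for name, rep in zip(("clean", "missed"), demo()):
        print(name, "sanitized" if rep.sanitized else "NOT sanitized", rep.residue)
```

A non-empty `residue` map corresponds to the SOP's "information was successfully recovered" case: the media is not considered sanitized and the offsets show where to start examining the tool or procedure.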

2. Approval

Appendix A: Glossary

Acronym: CMRR
Term: Center for Magnetic Recording Research
Explanation: CMRR was founded in 1983 by a consortium of U.S. companies in the magnetic recording industry. It consists of faculty from various departments at the University of California, San Diego as well as additional researchers. Their mission is to excel in research, education, and the transfer of innovative ideas in th
