|
secure
disposal methods by media type
The table below
is based primarily on US Department of Defense standards.
Each organization must make its own determination about the
appropriate level of "deletion" to meet its own
security standards.
In the typology
below, "clearing" is the more minimal form of removing
or obscuring stored information. "Sanitization"
refers to procedures for total removal, that cannot be reversed
by any known techniques or analysis.
Techniques and
analytic methods are always improving. No method short of
total physical destruction (option "M") provides
the assurance of non-recoverability.
| MEDIA |
CLEAR |
SANITIZE |
| Paper |
| all |
S |
M |
| Printers |
|
|
| impact |
G |
P then G |
| ink jet |
G |
? |
| laser |
G |
O then G |
| Magnetic
Tape |
| type I |
A or B |
A, B, or M |
| type II |
A or B |
B or M |
| type III |
A or B |
M |
| Magnetic
disk |
| Bernoulli's |
A, B or C |
M |
| floppies (e.g.,
3.5") |
A, B or C |
M |
| non-removable
rigid (hard) disk |
C |
A, B, D, or
M |
| removable
rigid (hard) disk |
A, B or C |
A, B, D, or
M |
| Optical
Disk |
| rewritable
(read-many, write-many) |
C |
M |
| write once,
read-many |
|
M, N |
| read-only
(e.g., CD-R) |
|
M, N |
| Memory |
| dynamic random
access memory (DRAM) |
C or G |
C, G, or M |
| electronically
alterable PROM (EAPROM) |
I |
J or M |
| electronically
erasable PROM (EEPROM) |
I |
H or M |
| erasable programmable
ROM (EPROM) |
K |
I, then C,
or M |
| flash EPROM
(FEPROM) |
I |
C then I,
or M |
| programmable
ROM (PROM) |
C |
M |
| magnetic bubble
memory |
C |
A, B, C, or
M |
| magnetic core
memory |
C |
A, B, E, or
M |
| magnetic plated
wire |
C |
C and F, or
M |
| magnetic resistive
memory |
C |
M |
| non-volatile
RAM (NOVRAM) |
C or G |
C, G, or M |
| read-only
memory (ROM) |
|
M |
| static random
access memory (SRAM) |
C or G |
C and F, G,
or M |
| Other |
| CRT monitors |
G |
Q or M |
| LCD and plasma
monitors |
G |
Q or M |
A. degauss with
Type I degausser.
B. degauss with
Type II degausser.
C. Overwrite all
addressable locations with a single character.
D. Overwrite all
addressable locations with a character, its complement, then
a random character, and then verify. (Note: DoD standards
do not permit this method for sanitizing media containing
top secret information.)
E. Overwrite all
addressable locations with a character, its complement, then
a random character.
F. Each overwrite
must reside in memory for a period longer than the classified
data resided.
G. Remove all power,
including any battery power.
H. Overwrite all
locations with a random pattern, all locations with binary
zeros, and finally all locations with binary ones.
I. Perform a full
chip erase as per manufacturer's data sheets.
J. Perform I above,
then C above, a total of three times.
K. Perform an ultraviolet
erase according to manufacturer's recommendation.
L. Perform K above,
but increase time by a factor of three.
M. Destroy by disintegration,
incineration, pulverization, shredding (except for paper),
or smelting. Paper may be pulverized or chemically macerated.
N. Under US DoD
5220.22-M standards, destruction is required only if classified
information is contained. Organizations must determine what,
if any, of their information is "unclassified."
If unclassified and classified information is mixed on a storage
unit, it must be destroyed.
O. Run five pages
of unclassified text (font test acceptable).
P. Ribbons must
be destroyed. Platens must be cleaned.
Q. Inspect and/or
test screen surface for evidence of burned-in information.
If present, the screen must be destroyed.
S. Shred with strip
shredder. Use cross-cut shredder for more sensitive information.
(Note: US DoD 5220.22-M standards do not cover paper information.)
?. No established
standard.
See also:
|
