On Tue, Apr 29, 2008 at 1:33 PM, Joe Heaton <[EMAIL PROTECTED]> wrote: > I've looked at those pages, and agree with the requirements, but there's > really nothing > specified in that document on how a hard drive should be erased ...
An older edition of NISPOM[1] specified particular methods for particular scenarios. Newer editions removed explicit instruction. Sanitization requirements are now issued separately by the CSA[2]. I believe this was done to keep things flexible, as getting an official NISPOM revision made is like mating Elephants[3], and technology changes too quickly. The DSS[4] issues a "Clearing and Sanitization Matrix" which contains requirements. The current edition of the C&SM doesn't allow software methods for magnetic media. A lot of people say refer to "DoD 5220.22-M" as if it specifies a single sanitization method, which it never has, even when it specified specific methods. I suspect the most common (mis)usage would be to mean what is now DSS C&SM Method "d", which is: "Overwrite all addressable locations with a character, its complement, then a random character". [1] National Industrial Security Program Operating Manual (DoD 5220.22-M) [2] Cognizant Security Authority [3] Done at a high level, with a great deal of roaring and screaming, and it takes two years to get results [4] Defense Security Service, the CSA for most DoD stuff Are you sorry you asked now? :-) -- Ben ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
