Media Sanitization Procedures

1. Procedure Subject Area: This document describes procedures for sanitizing various types of
data storage media. The NIST Recommended Computer Security Procedures document
paragraph 11.!" the #inancia$ Information Systems Contro$s %udit &anua$ '#ISC%&( section
%C ".) NIST Specia$ Pub$ications *!!+1* ').).,( and *!!+-. '".-.1- *.-.* *.-./( and the
NIST System 0eve$opment 1ife Cyc$e &anagement po$icy re2uire that media containing
sensitive NIST data be erased using a repeated over3rite operation purged degaussed or
destroyed prior to recyc$ing reusing donating or disposa$ of the storage media.
-. Procedures: Storage media may be sanitized using severa$ methods as fo$$o3s:
-.-.1. 0ata 4ver3riting %pp$ications
-.-.-. &agnetic 0egaussing
-.-.". C0 0ata 0estroyer
-.1. Scope: P$ease see the scope and bac5ground 3ithin each specific method.
-.-. Specific Procedures:
-.-.1 Data Overwriting Applications (Active KillDisk for intel!SuperScrubber for
Apple Mac"ntos#$
-.-.1.1 Scope and %ackground: The %ctive 6i$$0is5 soft3are is e7ecuted from a
bootab$e f$oppy dis5 that boots to 04S. The soft3are is operating system fi$e system
and hard dis5 drive '800( independent9 ho3ever it is architecture:processor dependent
and can be used on$y 3ith PC:Inte$ compatib$e processors. The SuperScrubber soft3are
is e7ecuted from a bootab$e C0 R4& and can be used on$y 3ith %pp$e &ac machines
that are capab$e of running &ac 4S ; <ersion 1!.- '=aguar(. % firm3are upgrade may be
re2uired prior to running the SuperScrubber app$ication 'visit
#ttp:!!www&apple&co'!support for more information(. If the drive to be sanitized
cannot be insta$$ed in a PC:Inte$ compatib$e or %pp$e &ac machine the drive 3i$$ have to
be degaussed for sanitization 'see -.-.- and heed associated important note(. The %ctive
6i$$0is5 app$ication 3i$$ a$so erase >ip dis5s and f$oppy dis5ettes 'if the PC has t3o
f$oppy drives(.
?ti$ities such as #4R&%T on$y create ne3 #%T and R44T tab$es $eaving a$$
previous data on the dis5 intact and recoverab$e. &oreover an image of the rep$aced
#%T and R44T tab$es is stored so that the ?N#4R&%T command can be used to
restore them. 4ther uti$ities such as #0IS6 mere$y c$ean the Partition Tab$e '$ocated
in the drive@s first sector( and do not c$ean or erase anything e$se. This situation
necessitates the use of a data destruction uti$ity that erases data by over3riting a$$
addressab$e $ocations on the dis5 3ith random data. The %ctive 6i$$0is5 Professiona$
and SuperScrubber app$ications over3rite a$$ addressab$e storage and inde7ing
$ocations on the drive three times 3ith zeros and:or random data for each sing$e pass.
#or this reason the over3riting soft3are shou$d be used 3ith caution as data is erased
comp$ete$y 3ithout possibi$ity of recovery. #or more information on the %ctive
6i$$0is5 soft3are visit the 3ebsite at #ttp:!!www&killdisk&co'!eraser&#t'. #or
1
more information on the SuperScrubber soft3are visit the 3ebsite at
#ttp:!!www&superscrubber&co'.
-.-.1.- i(A) Procedure for intel and Apple Mac (%oulder and *ait#ersburg$:
To sanitize both Ainte$ and %pp$e &ac 800s submit a re2uest through iT%C to generate
a 3or5 re2uest for PC 8ard3are Support to perform the data erasure. P$ease provide the
fo$$o3ing information:
8o3 many machines or drives re2uire sanitization
The NIST property number from each machine
Ahere each machine is $ocated
Based on the iT%C service re2uest PC 8ard3are Support 3i$$ contact you to schedu$e a
time to pic5 up the machine's( to be erased. %fter the hard drive or drives have been
sanitized PC 8ard3are Support 3i$$ then return the machine to you. Typica$$y there is a
four day turn around for erasing hard drives. In the event of an emergency PC 8ard3are
Support may provide same day service.
-.-.1." O+ Procedure for intel Onl, (%oulder and *ait#ersburg$
#or Ainte$ machines on$y the media may be sanitized at the 4? 0ivision Croup or
System $eve$ uti$izing the %ctive 6i$$0is5 app$ication provided to each 4? ITS4 by the
NIST ITS4 by fo$$o3ing the instructions be$o3:
a( 4btain a bootab$e f$oppy dis5 containing the %ctive 6i$$0is5 app$ication from
your 4? ITS4 or the NIST ITS4. The app$ication is $icensed D do not 'ake additional
copies. If you re2uire additiona$ copies re2uest them from the NIST ITS4.
The f$oppy dis5 provided by the NIST ITS4 a$so contains the %ctive 6i$$0is5 app$ication
manua$ supp$ied by the vendor.
b( Aith the PC po3er off insert the %ctive 6i$$0is5 f$oppy dis5 into the f$oppy
dis5 drive.
c( Start the PC by turning on the po3er. The soft3are 3i$$ e7ecute automatica$$y
detect a$$ system drives and disp$ay drive information on the monitor.
d( ?sing the 5eyboard arro3 5eys se$ect the drive you 3ish to erase and press
the EFnterG 5ey. The H0ata Frase AarningI sp$ash bo7 appears:
-
e( Confirm your choice to erase data on the se$ected drive by pressing the $etter
EJG on the 5eyboard. The H1eve$ of SecurityI sp$ash bo7 appears:
f( 6ey in the $eve$ of security by typing in a number bet3een 1 and // and press
the EFnterG 5ey. Three dis5 3rite head passes 3i$$ occur for each number bet3een 1 and
"
// 'i.e. if number , is se$ected 1, dis5 3rite head passes 3i$$ occur(. % higher number of
passes 3i$$ ensure a higher $eve$ of security. Fach time the 3rite head passes over the
dis5 surface more of the residua$ data charge 3i$$ be removed from the dis5 surface.
P$ease note that the erasing procedure is time consuming and additiona$ time is uti$ized
for each added $eve$ of security. The H%ctive 6i$$ 0is5I sp$ash bo7 appears:
g( This is the userKs $ast chance to stop the process before removing data from the
se$ected drive forever. If you do not 3ant to remove a$$ the data you may e7it the
app$ication by pressing the EFscG 5ey. Jou 3i$$ then be returned to the command prompt.
If you 3ant to continue 3ith permanent data remova$ type 6I110IS6 and press the
EFNTFRG 5ey. Jou 3i$$ be ab$e to vie3 the progress of the erasing procedure in the H0is5
FrasingI sp$ash bo7:
)
h( If for any reason you 3ish to stop the process after it has begun press the
EFscG 5ey9 ho3ever data erased up to that point 3i$$ not be recoverab$e.
i( The app$ication 3i$$ continue to operate on its o3n 3ithout human
intervention. If there are any errors 'for e7amp$e due to bad c$usters( they 3i$$ be
reported on the screen. If such a message appears it 3i$$ be possib$e to cance$ the
operation 'by pressing EFscG( or continue erasing data.
L( In order to use any erased 800s again you 3i$$ need to:
a. Repartition the 800 using a standard uti$ity $i5e #0IS6
b. Reformat partitions using a standard uti$ity $i5e #4R&%T
c. Reinsta$$ the operating system using a bootab$e C0+R4& or f$oppy
-.-.- Magnetic Degaussing
-.-.-.1 Scope and %ackground: &agnetic media containing sensitive data that cannot
be erased using an approved repeated over3rite operation shou$d be degaussed to
comp$ete$y erase data prior to recyc$ing reusing donating or disposa$ of the storage
media. The degausser 3i$$ erase data from a$$ magnetic media formats inc$uding a$$
o7ide M meta$ partic$e video cassettes a$$ ree$ formats up to 1.N diameter inc$uding -N
panca5es up to 1.N diameter a$$ computer bac5up tape cartridges f$oppy dis5ettes and
hard dis5 drives.
The degausser NIST has purchased '<erity Systems S</1&( provides a degaussing force
of )!!! gauss and an erasure depth of bet3een DO, and D/! dB. Ahi$e this e2uipment
meets ?.S. #edera$ specifications for erasure of top secret data the manufacturer has not
submitted the e2uipment for officia$ approva$ due to prohibitive$y e7pensive costs for
such approva$.
"MPO-(A.( .O(/: 8ard dis5 drives are rendered per'anentl, unusable
by the degausser. 8ard dis5 drives shou$d on$y be submitted for degaussing
if they are no $onger needed are technica$$y obso$ete or have a$ready been
damaged. 4ther magnetic media can be reused but may re2uire reformatting.
-.-.-.- Procedure (%oulder and *ait#ersburg$:
1( Submit a re2uest through iT%C 'phone e+mai$ etc.(. P$ease provide the fo$$o3ing
information:
Type of media re2uiring degaussing
8o3 many units re2uire degaussing
Ahether or not you 3ant the media returned
%ny time constraints for return of the media
,
-( Based on the iT%C 3or5 order PC 8ard3are Support 3i$$ contact you to schedu$e an
appointment. 0o not ta5e media to the PC 8ard3are Support office unti$ you have been
contacted by a PC 8ard3are Support representative.
"( %t the appointed time media must be physica$$y ta5en to the PC 8ard3are Support
office in Caithersburg bui$ding 1!1 room %"O 'in the basement(. #or Bou$der the
media must be ta5en to the IT%C office in bui$ding 1 room )!,!.
)( In most cases for degaussing Lobs of 1! units or $ess PC 8ard3are Support 3i$$ be
ab$e to comp$ete the degaussing 3hi$e you 3ait.
,( PC 8ard3are Support 3i$$ contact the customer upon comp$etion of the degaussing if
it cannot be comp$eted immediate$y. The customer may then retrieve the media from the
PC 8ard3are Support office or have PC 8ard3are Support dispose of the media.
-.-." )D Data Destro,er
-.-.".1 Scope: The C0 data destroyer may be used to physica$$y scrape the data+
containing surface from any C0 or 0<0. Because this process renders the C0 or 0<0
unusab$e the C0 data destroyer shou$d on$y be used to dispose of media that is no $onger
needed.
-.-.".- Procedure (*ait#ersburg$:
1( Comp$ete the attached HRe2uest for &edia 0estructionI form.
-( Ta5e the comp$eted form a$ong 3ith the C0s or 0<0s that you 3ish to have
destroyed to the Centra$ Computing #aci$ity 'CC#( $ocated in the basement of bui$ding
--, room %!-.
"( Ring the be$$ at the CC# visitorKs 3indo3 and give the media to the operator on duty.
)( Fnter the destruction re2uest in the $og supp$ied by the CC# 4perations Staff.
,( CC# 4perations personne$ 3i$$ destroy the media and dispose of it.
-.-."." Procedure (%oulder$:
1( Ta5e the C0s or 0<0s that you 3ish to have destroyed to the Bou$der iT%C office
bui$ding 1 room )!,!.
-( % Remedy tic5et for the destruction 3i$$ be created.
"( Bou$der PC Support personne$ 3i$$ destroy the media and dispose of it.

.
-e0uest for Media Destruction
Re2uestors Name:PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP
' P1F%SF PRINT (
NIST 0ivision: PPPPPPP
4ffice F7tension: PPPPPPPPPP
Type of &edia: PPPPPPPPPPPP
Quantity: PPPPPPPPPPP
<o$ume Seria$ Numbers 'if any(: PPPPPPPPPPP
PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP
PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP
PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP
PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP
Signature:PPPPPPPPPPPPPPPPPPPPPPPPPP
Comments: __________________________________
PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP
PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP
PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP
#or CC# ?se on$y:
4perator Initia$: _____
#NRdata:nist:forms:media.destruction.form.doc
O