Re: Putting the "NSA Data Overwrite Standard" Legend to Death...

Hi,

"Jonathan G. Lampe" <jonathan@stdnet.com> writes:

> OK, I'm sure this one will start a flame war, but...I work for a vendor
> whose products overwrite files when "deleting" them as a way of
> protecting old data.  Lately several customers have been asking for "NSA"
> or "DoD" standard overwrites, usually with a value of 3, 7 or 9.  (Our
> response to the feature was to more or less let the owner of the product
> pick the number of overwrites; the obvious tradeoff is
> morewrites=slowerdisk.)

This is rather beside the point in modern disk drives anyway. Physical
sectors can get remapped on the fly (which would become only more likely at
the end of media service life) and are no longer guaranteed to map to
physical sectors. As a result, data can be moved out to spare sectors which
may still be perfectly readable afterwards. In addition, remanence can
still be exploited after multiple overwrites in a suitable lab environment
(and while magnetic domains have gotten *a lot* smaller, coercivity has
gone up to match, and sensors have more than kept up with this march down
the scale -- atomic force microscopes can be bought off the shelf).
 
> Anyway, while researching how we wanted to document recommended values for
> the overwrite feature, I looked into the "DoD" and "NSA" standards.
> 
> I was not surprised to see that a "DoD standard" DOES exist:
>    Government name: DoD 5220.22-M
>    A nice summary: http://www.zdelete.com/dod.htm (not my product)
>    Some original documents: http://www.dss.mil/isec/nispom.htm
>    Long story short: 1 overwrite = CLEAR, 3 overwrites = SANITIZED
> (non-removable rigid disk)

For secret and below.
 
> I was surprised, however, to learn that a "NSA standard" DOES NOT exist.

Not too surprising, because NSA is the entity that creates such documents
in its assigned role within DoD. These become binding within DoD once they
get promulgated at the appropriate level and are also used elsewhere in US
government, typically by simple reference (e.g. in the case of DoE). 

DSS have relevant information for industrial applications on their web site
at http://www.dss.mil/infoas/. 

> So...could this finally be the end of IT employees casually tossing around
> the "NSA overwrite standard" - or is there something I'm missing?

Individual services can and do, of course, further specify the general
guidance. NAVSO P-5239-26 is one example of a service (Navy) guideline. 

> Second, where did the number 7 really come from?  (It seems to be the
> leading recommendation out there right now for number of overwrites and is
> frequently attributed to the NSA.)

Urban legend. And silly, too. For most magnetic media and especially
commodity PCs, the labor cost and downtime for overwriting isn't worth the
bother. Destruction will usually be more efficient anyway. And if for some
reason there are no facilities or procedures for this at a given site, I
believe the media can even be shipped to NSA for proper processing.

-- 
	later,
	Stephen

Fraunhofer-IGD                 | mailto:
Stephen Wolthusen              | wolt@igd.fhg.de
Fraunhoferstr. 5  	       | swolthusen@acm.org
64283 Darmstadt                | swolthusen@ieee.org
GERMANY                        | 
			       | 
Tel +49 (0) 6151 155 539       | Fax: +49 (0) 6151 155 499 
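
The remapping point in the reply above can be checked before relying on an overwrite. This is an added example, not part of the original message: it parses an attribute table in the layout printed by smartmontools' `smartctl -A` and flags drives that report remapped sectors. The sample table is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of `smartctl -A` (not captured from a real drive).
SAMPLE = """\
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  5 Reallocated_Sector_Ct   0x0033   100   100   010    Pre-fail  Always       -       8
  9 Power_On_Hours          0x0032   091   091   000    Old_age   Always       -       41250
196 Reallocated_Event_Count 0x0032   100   100   000    Old_age   Always       -       6
197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       0
"""

# SMART attributes that count sectors already moved to spares. The original
# physical sectors are no longer reachable through normal block writes.
REMAP_IDS = {5: "Reallocated_Sector_Ct", 196: "Reallocated_Event_Count"}

# ID, name, flag, six fixed columns (VALUE..WHEN_FAILED), then the raw counter.
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+0x[0-9a-fA-F]+\s+(?:\S+\s+){6}(\d+)")


def remap_counts(smart_text):
    """Return {attribute_id: raw_value} for the remap-related attributes found."""
    counts = {}
    for line in smart_text.splitlines():
        m = ROW.match(line)
        if m and int(m.group(1)) in REMAP_IDS:
            counts[int(m.group(1))] = int(m.group(3))
    return counts


def overwrite_is_incomplete(smart_text):
    """True if the drive reports remapped sectors an overwrite pass cannot reach.

    Raises ValueError when no remap attribute is present, because the absence
    of data says nothing about the state of the spare-sector pool.
    """
    counts = remap_counts(smart_text)
    if not counts:
        raise ValueError("no remap attributes in SMART output")
    return any(v > 0 for v in counts.values())


if __name__ == "__main__":
    print(remap_counts(SAMPLE), overwrite_is_incomplete(SAMPLE))
```

A zero count only means the drive reports no remapping; it does not show that an overwrite removed all remanent data.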

