博客

Mobile Phones Data Sanitisation Standards

If you are dealing with used mobile devices, you may have heard of data erasure standards like DoD (the U.S. Department of Defense), NIST (National Institute of Standards and Technology), ADISA (Asset Disposal & Information Security Alliance) and R1-R2. Are you following the right wiping standard?

The DoD standard

The “DoD standard” was issued by the National Industrial Security Program (NISP). It is generally applicable in the United States and establishes the standard procedures and requirements for all the US federal Executive Branch Departments and Agencies and all government contractors located within the United States and its territories who deal with classified information. The current version of the standard DoD 5220.22-M “National Industry Security Program Operating Manual (NISPOM)1 covers the entire field of government–industrial security.

In 2014, the DoD decided to use NIST’s RMF standards requiring a combination of wiping following NIST SP 800-88 guideline and physical destruction. In a DoD Instruction memo (8510.01)2 The Department of Defence approves for the first time this standard for civilian media sanitisation.

NIST

NIST Special Publication 800-88 “Guidelines for Media Sanitization”3 was published in 2006 by the National Institute of Standards and Technology (NIST) to protect the privacy of organisations and citizens of the US. The current update was issued in 2012, and it promotes guidelines for sanitising electronic media by overwriting, secure erasure, and physical destruction methods for all industries. Over the past few years, NIST SP 800-88 has replaced the DoD standard becoming the dominant data wiping standard for the US.

According to the NIST SP 800-88, there are three of the most common methods of media sanitization devices such as cell phones:

Clearing is the process of overwriting with non-sensitive data the logical storage location of a file and all addressable locations by using software or hardware products. Written data are replaced with random data and verified. This method cannot be used for damaged or not rewriteable media. Clearing would protect the confidentiality of information against a robust keyboard attack.

Purging protects the confidentiality of information against a laboratory attack. The magnetic field generated by a degausser removes the data from the device with the verification after. Degaussing an effective method for purging damaged media or media with exceptional storage capacities. Typically, this type of media sanitising is considered the golden standard by the National Security Agency (NSA).

Destroying make it possible to destroy the media, so they will be able to withstand a laboratory attack. Recommended types for cell phone destruction are shred, disintegrate, pulverise and incinerate by burning cell phones in a licensed incinerator.

Certified NSYS Erasure methods support high standards of the industry regulations such as NIST SP 800-88 (Rev. 1) “Guidelines for Media Sanitization” and use Clear and Purge methods, also meets R2 standard to ensure the quality, transparency, and environmental and social responsibility of R2 certified electronics recycling facilities.

ADISA

The ADISA Industry Standards apply to companies that participate in IT asset recovery, leasing, logistics, repair centre and the IT Asset Disposal Standard. The ADISA audit process includes unannounced operational audits and forensic audits. It accepts the highest industry standards and reflects current best practices for handling data-carrying assets.

NSYS Tools erasure methods have successfully passed testing attack using ADISA Product Claims Test Method v1.0 in 2018 and have received certification by ADISA confirming that NSYS Erasure software can be used to sanitise data against ADISA risk levels 1 and 2.

Download certification

References:

  1. National Industrial Security Program Operating Manual (NISPOM), February 2006, Incorporating Change 1 March 28, 2013
  2. Department of Defense Instruction 8510.01, March 12, 2014, Incorporating Change 1, Effective May 24, 2016
  3. NIST Special Publication 800-88, Revision 1, Guidelines for Media Sanitization
安排演示
您也可以阅读
Amazon new deal with Apple affected Amazon Renewed Program
星期一 17 十二月 2018
NSYS Group Team
In autumn 2018 numbers of Apple refurbishers had been received the letter from Amazon warning about the new agreement with Apple.
阅读约需10分钟
Huawei aims to become a №1 smartphone seller worldwide by 2020
星期三 05 十二月 2018
NSYS Group Team
Richard Yu, a CEO of Huawei Consumer Business Group, told CNBC in an exclusive interview that he aims to make the company the number one smartphone vendor in the world by 2020 after overtaking Apple this year.
阅读约需6分钟
安排演示
欢迎联系我们,了解一下怎么提高您的公司利润,有效发展手机销售业务。我们的专家会说多种语言,可以用您的母语给您安排免费NSYS Tools演示。
  • 必填
    必填
    必填
    必填
  • 为了我们对产品演示更加个性化,麻烦您回答下面问题
    您的商业类型是什么?
    请至少选择一个答案
    您如何找到我们?
    我们如何与您联系?