What is a Media Sanitization Policy?
Media sanitization and disposal policy
Mobile phones, desktop and laptop computer systems, external hard drives, USB drives, and removable storage media such as CDs, DVDs, ZIP drives, and even MP3 players routinely store a wealth of valuable or sensitive information for individuals and corporate bodies alike. This can include photographs, videos, documents, employment records, personal and financial credentials, health information, passwords, trade secrets, and intellectual property.
Cybercriminals and other malicious actors gaining access to this data can use it for financial gain, extortion, sabotage, identity theft, and other illegal activities. One of the simplest ways to gain such access is when a storage device comes into their direct possession.
As individuals and organizations upgrade their electronic or IT equipment and update their records, they may discard old hardware and storage media or pass on obsolete equipment to third parties by donation or reselling. This throws them open to the risk of making sensitive information available — particularly if storage media has not been properly sanitized before disposal.
The Purpose Of Media Sanitization
When sensitive or private data is effectively removed from storage media or destroyed before the devices housing them are recycled, reused, disposed of, or discarded, the media are said to have been sanitized.
The National Institute of Standards and Technology (NIST) defines media sanitization as “the general process of removing data from storage media, such that there is reasonable assurance that the data may not be easily retrieved and reconstructed.”
So in effect, media sanitization means the secure erasure of information from storage devices. This removal process is variously referred to as data removal, data sanitization, and data/media destruction.
NIST media sanitization procedures are carried out in line with recommendations laid down by the National Institute of Standards and Technology, but other standards exist.
For example, DoD media sanitization techniques are implemented in line with the practices favored by the US Department of Defense.
What is a Media Sanitization Policy?
A media sanitization policy is a formal document setting out an organization’s stance on the handling and disposition of storage devices and media holding sensitive or confidential information. It outlines the media sanitization procedures that should be followed in the cleansing of various media types, the responsibilities of the various parties involved in the sanitization process, and any penalties for contravention of its terms.
You may hear various alternate names for such documents, including media sanitization and disposal policy or digital media sanitization reuse & destruction policy.
In 2015, the National Institute of Standards and Technology published a document titled NIST Special Publication 800-88 Revision 1, Guidelines for Media Sanitization (February 2015), which has provided the basis for media sanitization principles and best practices in the years to follow.
The NIST 800 88 guidelines for media sanitization give detailed guidelines for the sanitization of data storage media.
The NIST SP 800 88 guidelines for media sanitization also describe several techniques which are commonly used for secure hard drive disposal, hard drive destruction, and the proper sanitization of electronic storage media.
The NIST media sanitization guidelines Section 3 covers the recommended roles and responsibilities of staff members involved in media sanitization. Section 4 outlines a detailed process for deciding which type of media sanitization is appropriate in each specific case.
In the NIST guidelines for media sanitization, Appendix A, you’ll find recommendations of specific methods to implement each type of sanitization for a very broad range of media types and storage devices historically or currently used in information technology. This includes devices such as copiers and fax machines, as well as storage media such as paper, hard drives, and many different kinds of memory.
Note that these guidelines for media sanitization are recommendations rather than legally binding conditions. However, following these recommendations does provide practices that comply with the regulatory data handling conditions imposed by many industries.
Media Sanitization Scope
NIST SP 800 88 describes several media sanitization methods. They include:
Under the NIST guidelines for media sanitization, this goes beyond simple file deletion to provide a level of media sanitization that protects the confidentiality of information against robust keyboard attacks from standard input devices and data scavenging tools. Clearing must also prevent data from being retrieved by data, disk, or file recovery utilities.
Media sanitization tools in this category include data wiping software, HDD shredder software, and device or operating system specialist commands like Secure Delete and Secure Erase.
Purging protects the confidentiality of information against laboratory attacks involving advanced non-standard data recovery techniques on storage media outside of their typical operating environment. These types of attacks typically enlist the services of specially trained personnel using signal processing equipment.
For clearing and purging operations, the organization implementing the procedures should produce a certificate of sanitization for each item they process.
Destruction of storage media is the ultimate form of sanitization. After the media are destroyed, they cannot be reused as originally intended and must either be recycled for their base materials or disposed of in an environmentally safe manner. Media sanitization procedures in this category include shredding using HDD shredder technologies, crushing with a hard drive crusher, disintegration, melting, and incineration.
Media Sanitization Standards
As we have observed, several media sanitization standards co-exist.
The Information Security Office (ISO) sets out the following baseline controls for sanitization and disposal of media that records and/or stores institutional data:
ME-1 (as defined under the National Institute for Standards and Technology Special Publication 800-88): A single-pass overwrite is recommended for magnetic or solid-state media. A firmware-based Secure Erase is recommended over a software-based overwrite, wherever possible.
ME-2: Media destruction should be performed in a manner consistent with techniques recommended by Appendix A of NIST Special Publication 800-88.
ME-3: Common techniques for destroying Institutional Data in written or printed form include cross shredding or incineration.
In all cases, whenever storage media must be entrusted to a third party prior to sanitization, a confidentiality and non-disclosure agreement (NDA) should also be put in place.
The DoD media sanitization standard, DoD 5220.22-M specifies a hard drive overwriting process that replaces information on a hard drive with random patterns of ones and zeros. The standard specifies three overwriting passes.
Data or media sanitization standards may also be laid down by specific industries or market sectors. For example, the Health Insurance Portability and Accountability Act (HIPAA) which governs information handling and data privacy in the health sector, has a Security Rule, Administrative Safeguards, and Organizational Requirements that deal specifically with media and data sanitization.
The Sarbanes-Oxley (SOX) Act which governs data privacy and security in the financial sector, calls for accounting firms that audit publicly traded companies to keep related audit documents for no less than seven years after the completion of an audit. Penalties for non-compliance can reach up to $10 million in fines and 20 years in prison.
Media Sanitization Policy History
For many years, the US Department Of Defense (DoD) Media Sanitization Guidelines 5220.22-M were taken as the gold standard for media sanitization policy implementation, with many sanitization vendors and manufacturers citing their service or product’s compliance with the terms of DoD 5220.22-M as proof of their authenticity.
However, DoD 5220.22-M was never approved by the Department of Defense for civilian media sanitization. More importantly, the DoD never intended for it to become a standard for classified data. In fact, for its own classified information, the DoD requires a combination of wiping, magnetic degaussing, and/or physical destruction.
In more recent times, independent verification of data erasure has been the principal factor in certified compliance oversight. As such, the National Institute for Standards and Technology’s (NIST) Special Publication 800-88: Guidelines for Media Sanitization has become the go-to standard for data sanitization compliance.
The Minimum Sanitization Recommendations in Appendix A of the NIST SP 800 88 guidelines for media sanitization document spell out the preferred methodologies for securely wiping hard drives and other media.
The NIST 800 88 guidelines for media sanitization have also become a global reference document, with its principles incorporated into international standards such as ISO/IEC 27040:2015.
The principles of NIST 800-88 come into play whenever the security status of a media asset changes in some way. This might be when a media asset moves from a high level of confidential protection in one department to another with fewer safeguards or when a storage device leaves the custody or premises on an organization entirely. They are, therefore, an integral consideration for organizations looking to draft a digital media sanitization reuse & destruction policy.
The methods that your organization employs to sanitize data — and by implication, the terms of any policy governing media sanitization — will greatly depend on the level of confidentiality of that information. These decisions will, in turn, be informed by the life cycle of data within your organization.
In terms of the confidentiality of the data stored on these devices, the NIST guidelines recommend that you draft your media sanitization framework on this basis:
Understand and categorize the information on your storage media according to its confidentiality levels.
Assess the nature of each storage medium.
Weigh the risk to confidentiality that each device faces.
Determine how the storage media will be used in the future (e.g., reused within your organization, donated to charity, shredded).
Decide on the most appropriate sanitization method for each media type, taking factors such as cost, environmental impact, and required skills or technologies into account.
Media Sanitization Policy Example Template
The government of the state of Michigan publishes a media sanitization policy example, with a layout that organizations in all sectors can adapt for their use as a digital media sanitization reuse & destruction policy template.Here’s a summary of the content:
Media Sanitization and Destruction Policy
What To Look For In A Media Sanitization Service
If you engage the expertise of a professional media sanitization service, make sure that the organization is prepared to document the Chain of Custody of all equipment that they handle on your behalf. This documentation should include a detailed certificate for each piece of electronic media that has been sanitized.
TechReset specializes in the secure and sustainable disposal of electronic waste (e-waste) and secure erasure or eradication of all confidential data through hard drive shredding or certified data cleansing. We provide our clients with a unique Certificate of Data Cleanse or Destruction on each individual drive that guarantees all sensitive information has been securely eliminated from your devices.
TechReset also offers responsible hard drive shredding and disposal, a service that ensures complete data destruction, accompanied by a certification guarantee.
TechReset (formerly OEM Corporation) has partnered with reBOOT Canada to deliver essential technology to underserved Canadians through a unique partnership that will donate up to $750,000