Describing Secure Data Destruction
These are data sanitation definitions
One method to sanitize media is to use software or hardware products to overwrite storage space on the media with non-sensitive data. This process may include overwriting not only the logical storage location of a file(s) (e.g., file allocation table) but also may include all addressable locations.
The security goal of the overwriting process is to replace written data with random data. Overwriting cannot be used for media, drives or devices that are damaged. The media type and size may also influence whether overwriting is a suitable sanitization method.
Degaussing and executing the firmware Secure Erase command (for ATA drives only) are acceptable methods for purging.
Degaussing is exposing the magnetic media to a strong magnetic field in order to disrupt the recorded magnetic domains. A degausser is a device that generates a magnetic field used to sanitize magnetic media.
Degaussers are rated based on the type (i.e., low energy or high energy) of magnetic media they can purge. Degaussers operate using either a strong permanent magnet or an electromagnetic coil. Degaussing can be an effective method for purging damaged or inoperative media, for purging media with exceptionally large storage capacities, or for quickly purging diskettes.
There are many different types, techniques, and procedures for media destruction. If destruction is decided on because of the high security categorization of the information, then after the destruction, the media should be able to withstand a laboratory attack.
Disintegration, Pulverization, Melting, and Incineration. These sanitization methods are designed to completely destroy the media. They are typically carried out at an outsourced metal destruction or licensed incineration facility with the specific capabilities to perform these activities effectively, securely, and safely.
Shredding. Paper shredders can be used to destroy flexible media such as diskettes once the media are physically removed from their outer containers. The shred size of the refuse should be small enough that there is reasonable assurance in proportion to the data confidentiality that the data cannot be reconstructed.
Optical mass storage media, including compact disks (CD, CD-RW, CD-R, CD-ROM), optical disks (DVD),and MO disks, must be destroyed by pulverizing, crosscut shredding or burning.
When material is disintegrated or shredded all residues must be reduced to nominal edge dimensions of five millimeters (5 mm) and surface area of twenty-five square millimeters (25 mm).