Government & Military Policy Guidelines & Directives
As an Information Assurance Security provider to the US Government, Ensconce Data Technology is proud to be compliant with the following US Department of Defense, Civilian Government, Independent Agency and Allied policy Guidelines and Directives. As each agency conducts its own independent evaluation, Ensconce Data Technology will continue to meet, support and exceed those assessments. Our commitment to you is to post those validated results as they become publicly available.
EDT's Digital Shredder meets and/or supports the following Department of Defense or Civilian Government guidelines concerning Information Security Practices:
- NSA Information Assurance Advisory - NO. IAA 2006-2004 in "Guidance to Designated Approving/Accrediting Authorities (DAAs) regarding the Use of Software Clearing for Downgrading of Hard Disks".
- Deputy Secretary of Defense Memo dated May 29, 2001; Subject: Disposition of Unclassified DoD Computer Hard Drives, signed by Paul Wolfowitz
- National Computer Security Center (NCSC-TG-018); Rainbow Series "Light Blue Book" - A Guide to Understanding Object Reuse in Trusted Systems
- National Computer Security Center (NCSC-TG-025); Rainbow Series "Forest Green Book" - A Guide to Understanding Data Remanence in Automated Information Systems
- National Institute of Standards and Technology (NIST) SP 800-88 - Guidelines for Media Sanitization *
- National Institute of Standards and Technology (NIST) SP 800-14 - Generally Accepted Principles and Practices for Securing Information Technology Systems
- United States Air Force System Security Instructions 5020
- United States Army AR380-19, AR25-1, AR25-2
- United States Navy Staff Office Publication (NAVSO P-5239-26)
- United States Navy OPNAVINST 5239.1A
- United Kingdom - HMG Infosec Standard No. 5; Secure Sanitisation of Protectively Marked Information or Sensitive Information – Issue 2.0, September 2007 (IS5)
- United Kingdom - CESG Manual S; Guidance on Secure Sanitisation and Disposal – Issue 2.0, September 2007 (MANS)
- Australian Department of Defence; Intelligence, Security and International Policy Defence Signals Directorate - Information and Communications Technology Security Manual - ACSI-33
- Royal Canadian Mounted Police; Canadian Government Policy and Procedures for Media Sanitization - RCMP B2-001
- EDT continues to help you respond to Regulatory compliance with FISMA & HIPAA reporting (Disposal, Media Re-Use, Accountability & Audit Controls) as directed by NIST 800-26 Security Self-Assessment Guide for Information Technology Systems (Nov. 2001) mandated by OMB Memorandum M-03-19 Reporting Instructions for the FISMA and Updated Guidance on Quarterly IT Security Reporting (Aug. 2003)
*NIST SP 800-88 identifies Secure Erase as a purge of all data.
| Purge | Clear |
|---|---|
| The removal of sensitive data from an Automated Information System (AIS) at the end of a period of processing, including from AIS storage devices and other peripheral devices with storage capacity, in such a way that there is assurance proportional to the sensitivity of the data that the data may not be reconstructed through open-ended laboratory techniques. An AIS must be disconnected from any external network before a purge. | Removal of sensitive data from an AIS at the end of a period of processing, including from AIS storage devices and other peripheral devices with storage capacity, in such a way that there is assurance, proportional to the sensitivity of the data, that the data may not be reconstructed using normal system capabilities, i.e., through the keyboard. An AIS need not be disconnected from any external network before a clear. |
| The Dead on Demand™ Digital Shredder | Overwriting utilities, such as software |
Quote from NIST SP 800-88 (pg. 30):
"For hard drive devices or devices where firmware purge commands can be accessed and utilized, this may be the best option for an organization. Firmware purge commands can provide strong assurance of data protection while allowing the device to be reused."