Disk Sanitization Overview

Disk Clearing and Disk Sanitization
Action Plan for Success
NetApp - Proprietary & Confidential
Where is Disk Clearing and Disk Sanitization Defined?
• US Department of Defense Standard
– “ISFO Process Manual V3 14 June 2011”
– De facto standard for Disk Clearing and Disk Sanitization.
– Has been revised several times and has had several name changes. They are all outdated and should no longer be referenced.
• “DOD 5220.22-M NISPOM”
• “NIST Special Publication 800-88 Guidelines for Media Sanitization”
• “ODAA Process Guide for C&A of Classified Systems under NISPOM”
What is Disk Clearing / Disk Sanitization?
• Disk Clearing
– A procedure by which classified information is removed in such a manner that known non-laboratory attacks (i.e., keyboard attacks) will be unable to recover the information.
• Disk Sanitization
– A procedure by which classified information is completely removed and even a laboratory attack using known techniques or analysis will not recover any information. Sanitization of memory and media is required if a system is being “released” to users with access level lower than the accreditation level.
– Note that memory is required to be overwritten as well for both. The tools available to the NetApp PSE/PSCs don’t include a method to overwrite a NetApp storage controller’s memory.
– Acceptable methods of disk destruction include incineration, grinding/sanding the surface to dust, smelting, or acid.
– Shredding and degaussing are not acceptable methods of disk sanitization through destruction.
– Requirements for tracking disks once they are sanitized are included in the standard. NetApp doesn’t do tracking of disks once they are returned.
• The preferred term to describe the NetApp service offering is “Disk Erasure”, not “Disk Clearing” or “Disk Sanitization”.
How Can This be Done in DataONTAP?
• Disk Sanitization Command
– Requires a special zero dollar license.
– Cannot be uninstalled without reloading DataONTAP.
• Disk Clearing Operations
– Overwrite all addressable locations with a single character utilizing an approved overwrite utility.
• Disk Sanitization Operations
– Overwrite all addressable locations with a pattern, and then its complement, and finally with another unclassified pattern.
– The above counts as three cycles; sanitization is not complete until three cycles are successfully completed.
– Once complete, there is a requirement to verify a sample. Tools to verify a sample of disk are not available to NetApp PSE/PSCs.
– If any part of the disk cannot be written to, the disk must be destroyed, according to DoD standards. NetApp does not make a service available for disk destruction; however, NetApp does have an offering for non-returning of disks.
– An acceptable set of patterns to use is supplied in the US Department of Defense document.
– Use of a random pattern is no longer part of the disk sanitization requirements.
– Three passes of a single set of writes is clearly called out in the current standard. The documentation clarifies that the standard is not three of each pass, for a total of 9 writes, as was mistakenly assumed by numerous implementers in the past.
What are the DataONTAP Commands?
• Disk Clearing Command
disk sanitize start -f -p 0x00 -c 1 DISK
• Disk Sanitization Command
disk sanitize start -f -p 0x00110101 -p 0x11001010 -p 0x10010111 -c 1 DISK
• Important Notes
– It is only possible to run the disk sanitization command against a single disk.
– The disk sanitization command cannot be run on broken or failed disks.
– The customer may request that NetApp perform a ‘Disk Sanitization’ even without the ability to sanitize the storage controller cluster’s memory.
– NetApp PSE/PSCs only perform “Disk Clearing”, as there are significant requirements for tracking disks once they have been “Sanitized”.
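
The overwrite sequence from the Disk Sanitization Operations slide (pattern, complement, third pattern, sample verification, destroy on write failure), with the pattern digits of the command above, as an added Python example on a simulated in-memory disk; it is not NetApp or DataONTAP code. It assumes the three -p values are read as 8-bit binary strings, and `BadSectorDisk`, `sanitize` and the other names are hypothetical.

```python
import io
import random

# Assumption: the page's three -p values are read as 8-bit binary strings.
PATTERNS = [int(b, 2) for b in ("00110101", "11001010", "10010111")]

def is_complement(a, b, base):
    """True if digit string b is the bitwise complement of a in this base."""
    width = len(a) * (1 if base == 2 else 4)
    return int(a, base) ^ ((1 << width) - 1) == int(b, base)

class BadSectorDisk(io.BytesIO):
    """Hypothetical simulated disk that rejects writes touching bad_offset."""
    bad_offset = -1
    def write(self, buf):
        pos = self.tell()
        if pos <= self.bad_offset < pos + len(buf):
            raise OSError("write error at offset %d" % self.bad_offset)
        return super().write(buf)

def overwrite_pass(dev, size, pattern, block=4096):
    """Write one byte pattern over every addressable location."""
    dev.seek(0)
    for off in range(0, size, block):
        n = min(block, size - off)
        if dev.write(bytes([pattern]) * n) != n:
            raise OSError("short write at offset %d" % off)

def verify_sample(dev, size, pattern, samples=32, seed=1):
    """Read back randomly chosen offsets and confirm the final pattern."""
    rng = random.Random(seed)
    for off in (rng.randrange(size) for _ in range(samples)):
        dev.seek(off)
        if dev.read(1) != bytes([pattern]):
            return False
    return True

def sanitize(dev, size, patterns=PATTERNS):
    """Pattern, complement, third pattern: three writes in total, then verify."""
    if patterns[1] != patterns[0] ^ 0xFF:
        raise ValueError("second pattern is not the complement of the first")
    try:
        for p in patterns:
            overwrite_pass(dev, size, p)
    except OSError:
        return "destroy"  # the page: a disk that cannot be written is destroyed
    return "sanitized" if verify_sample(dev, size, patterns[-1]) else "unverified"
```

`is_complement` shows that the first two digit strings form a pattern/complement pair when read as binary but not when read as hexadecimal.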
What are the Specific Tasks?
• Get signoff from the customer to sanitize a system.
– Need to ensure that the customer understands that this operation cannot be undone.
– See the sample signoff text; select the one based on whether this is a paid engagement.
• Install the Disk Sanitization license on the NetApp storage controller.
• Make sure that the motherboard, shelf and disk firmware are up to date.
• Remove all failed disks from the storage controller. These disks will need to be disposed of by the customer.
• If all disks are part of a single root aggregate, you will need to build a new volume and aggregate composed of a minimal number of disks.
– Copy the active root volume to the newly created aggregate.
– Make the new root volume the boot volume.
– Reboot the storage controller to make the change live.
• Destroy all aggregates, except for the root aggregate.
• Destroy all volumes, except for the root volume.
• Run the appropriate DataONTAP command for each disk to start the disk clearing or sanitization process.
• Wait for the process to complete. Progress can be checked via the “disk sanitize status” command and the “sysconfig -r” command.
• Make note of disks that fail the sanitize process. They will need to be removed and disposed of appropriately by the customer. Note that there may be an additional charge for non-return of disks.
• Capture the final output of the “sysconfig -r” command.
• Reboot the system to maintenance mode and perform a 4a.
• Fill out the statement of completion.
– See the attached sample; select the sample text based on whether this is a paid engagement.
Authorization For Disk Erasure
The customer, REPLACE_NAME_HERE, requests that disk erasure work be performed according to US Department of Defense Standard ISFO Process Manual V3 14 June 2011 on the following NetApp storage controllers:
• REPLACE_NAME, SN# REPLACE_SSN
• REPLACE_NAME, SN# REPLACE_SSN
The customer understands that the disk erasure process is non-reversible once started and all existing data on the storage controllers named above will be nonrecoverable.
This work will be performed under NetApp purchase number REPLACE_PO_NUMBER.
Signed for Customer: _________________________
Print name: _________________________
Date: _________________________
Authorization For Disk Erasure
The customer, REPLACE_NAME_HERE, requests that disk erasure work be performed according to US Department of Defense Standard ISFO Process Manual V3 14 June 2011 on the following NetApp storage controllers:
• REPLACE_NAME, SN# REPLACE_SSN
• REPLACE_NAME, SN# REPLACE_SSN
The customer understands that the disk erasure process is non-reversible once started and all existing data on the storage controllers named above will be nonrecoverable.
This work will be performed without charge to the customer.
Signed for Customer: _________________________
Print name: _________________________
Date: _________________________
Completion of Disk Erasure Work
Disk erasure work was performed on the following NetApp storage controllers using the built-in DataONTAP tools:
• REPLACE_NAME, SN# REPLACE_SSN
• REPLACE_NAME, SN# REPLACE_SSN
The process followed meets the disk clearing requirements detailed in the US Government publication, “ISFO Process Manual V3 14 June 2011”, the generally accepted industry authority on device erasure.
This work was performed without charge to the customer.
Signed for Customer: _________________________
Print name: _________________________
Date: _________________________
Completion of Disk Erasure Work
Disk erasure work was performed on the following NetApp storage controllers using the built-in DataONTAP tools:
• REPLACE_NAME, SN# REPLACE_SSN
• REPLACE_NAME, SN# REPLACE_SSN
The process followed meets the disk clearing requirements detailed in the US Government publication, “ISFO Process Manual V3 14 June 2011”, the generally accepted industry authority on device erasure.
This work was performed under NetApp purchase number PO # REPLACE_PO_NUMBER.
Signed for Customer: _________________________
Print name: _________________________
Date: _________________________