Confidently erase data in active environments and from used IT assets.
Boost services throughout the device lifecycle—from first sale to end-of-life.
Expedite processes, recover more marketable product, and increase services.
Home » Resources » New DoD Instruction on Controlled Unclassified Information Now Available
On March 6, 2020, the U.S. Department of Defense implemented new rules for how unclassified information is handled. Let’s look at how federal agencies and others can successfully satisfy these DoD CUI requirements for data destruction—all while minimizing manual work and honoring data retention requirements.
Katie Moss Jefcoat
Katie has launched and supported marketing campaigns for B2B technology companies since 2011. From 2016 to 2021, Katie served Blancco in the roles of content manager and senior product marketing manager, communicating the features and benefits of Blancco products, evaluating market and competitive trends, supporting sales enablement, and representing the voice of the customer.
The U.S. Department of Defense is an executive branch department of the federal government that’s responsible for coordinating and supervising all agencies and functions of the American government directly related to national security and the U.S. Armed Forces. As part of these responsibilities, the department puts out important security guidelines with which U.S. federal agencies must comply. And while these requirements only legally apply to U.S. government agencies, many countries across the world also adhere to these standards when working with U.S. federal agencies or simply as a matter of best practice.
As of March 6, 2020, the U.S. Department of Defense implemented new rules for how unclassified information is handled, outlined in DoD Instruction 5200.48 Controlled Unclassified Information (CUI). This new Instruction replaces “DoD Manual 5200.01, Volume 4, ‘DoD Information Security Program: Controlled Unclassified Information,’ February 24, 2012” and is designed to establish policy, assign responsibilities and propose procedures for CUI throughout the DoD in accordance with sections of Executive Order (E.O.) 13556; Part 2002 of Title 32, Code of Federal Regulations (CFR) and the Defense Federal Acquisition Regulation Supplement (DFARS).
Section 4.5 of the Instruction covers destruction of CUI. It states:
To make sensitive files unrecoverable at end-of-life, steps must be taken beyond just placing them in the Recycle Bin, where even once deleted, they can be recovered by anyone with the right tools. In addition, in-house solutions based on built-in OS deletion functionality also may leave data behind. Neither solution provides an audit trail to prove compliance with clear Certificates of Erasure.
To successfully satisfy DoD CUI requirements without adding a large amount of manual work for IT staff, organizations need an automated solution to permanently erase targeted files, folders and free disk space, including temporary files, artifacts, etc. This will allow them to meet both retention requirements and achieve compliance with this and other key government (or industry) regulations.
Blancco File Eraser is the only certified file erasure software solution on the market. The software seamlessly fits into an organization’s overarching data sanitization strategy, with simple automated and scheduled deployment to address time-sensitive or personally indefinable information (PII). This helps the organization achieve compliance with internal and external retention policies and regulations like DoD Instruction 5200.48.
Blancco File Eraser offers erasure to 17+ established standards, as well as centralized and customized reporting in a wide array of formats. The solution is also flexible, offering UI- or command-line-based setup and erases file, folders, free disk space, temporary files and more.
In addition, sometimes full IT assets (servers, laptops, etc.) must be securely erased—not only individual files and folders. The solution: completely sanitizing the drives in end-of-life assets using Blancco Drive Eraser software, which erases to NIST SP 800-88 (Clear and Purge) methods mentioned above, as well as over 20 other erasure standards. This should occur prior to physical destruction and before devices leave the secure business environment.
To learn more about how Blancco File Eraser can help your organization achieve compliance and enhance its security posture, request your free trial today.
Governments, industry organizations, and standards bodies around the world have created a range of guidelines for securely eliminating data from data storage assets like drives and computers. Here’s a summary of them, including NIST Clear…