FBI Guidelines for Digital Media Sanitization

Jan 21, 2021 Blog Article

The Federal Bureau of Investigation (FBI) is the domestic intelligence and security service of the United States and its principal federal law enforcement agency. Operating under the jurisdiction of the United States Department of Justice, the FBI also recommends best practices for Criminal Justice Information (CJI).

David Stegon David is a technology-focused writer with more than 20 years of professional experience. A former reporter, David has written on a wide range of topics. As senior content writer at Blancco, he supports the company’s thought leadership, content marketing, and social media efforts.

Sanitization requirements

The CJIS Security Policy 2020 guidelines require an overwrite of three times or degaussing of digital media. The type of overwrite pattern is not specified but provides the option for degaussing digital media.

Note: The security policy does not adequately address overwriting SSDs. The SSD storage areas may not be accessible via typical three-pass overwrite patterns. The policy should indicate that the overwrite pattern is in compliance with NIST 800-88. “The NIST data sanitization requires ATA Secure Erase commands or Sanitize commands or TCG commands to be performed.”

The NIST overwrite pattern requires an ATA SecureErase command be performed. The policy also allows the degaussing of digital media. Degaussing is ineffective on flash media (USB and SSD storage) and will physically ruin a platter-based hard drive.

The policy also requires that inoperable digital media should be destroyed. The destruction can be by shredder, pulverization, or incineration. These sanitization and destruction steps are to be documented and witnessed by authorized personnel.

Data at rest

The FBI is required to store digital media within physically secure locations and restrict access to authorized individuals. When a secure area is not available or when data is in transit, the data should be encrypted to FIPS 140-2 certified software.

Sanitization solution

Blancco has more third-party certifications and approvals than any other erasure software in the world. Our software has been rigorously tested on securely and permanently removing data efficiently and completely. We’ll help you meet or exceed compliance with CJIS Security Policy 2020 guidelines for sanitization.

Learn more by visiting our Blancco Drive Eraser product page.

Erase CJIS Data Easily, Quickly, and Permanently  

Request your free enterprise data erasure trial.