Confidently erase data in active environments and from used IT assets.
Boost services throughout the device lifecycle—from first sale to end-of-life.
Expedite processes, recover more marketable product, and increase services.
Home » Resources » FBI Guidelines for Digital Media Sanitization
The Federal Bureau of Investigation (FBI) is the domestic intelligence and security service of the United States and its principal federal law enforcement agency. Operating under the jurisdiction of the United States Department of Justice, the FBI also recommends best practices for Criminal Justice Information (CJI).
David is a technology-focused writer with more than 20 years of professional experience. A former reporter, David has written on a wide range of topics. As senior content writer at Blancco, he supports the company’s thought leadership, content marketing, and social media efforts.
The CJIS Security Policy 2020 guidelines require an overwrite of three times or degaussing of digital media. The type of overwrite pattern is not specified but provides the option for degaussing digital media.Note: The security policy does not adequately address overwriting SSDs. The SSD storage areas may not be accessible via typical three-pass overwrite patterns. The policy should indicate that the overwrite pattern is in compliance with NIST 800-88. “The NIST data sanitization requires ATA Secure Erase commands or Sanitize commands or TCG commands to be performed.”
The NIST overwrite pattern requires an ATA SecureErase command be performed. The policy also allows the degaussing of digital media. Degaussing is ineffective on flash media (USB and SSD storage) and will physically ruin a platter-based hard drive.The policy also requires that inoperable digital media should be destroyed. The destruction can be by shredder, pulverization, or incineration. These sanitization and destruction steps are to be documented and witnessed by authorized personnel.
The FBI is required to store digital media within physically secure locations and restrict access to authorized individuals. When a secure area is not available or when data is in transit, the data should be encrypted to FIPS 140-2 certified software.
Blancco has more third-party certifications and approvals than any other erasure software in the world. Our software has been rigorously tested on securely and permanently removing data efficiently and completely. We’ll help you meet or exceed compliance with CJIS Security Policy 2020 guidelines for sanitization.
Learn more by visiting our Blancco Drive Eraser product page.
Request your free enterprise data erasure trial.