The Federal Bureau of Investigation (FBI) is the domestic intelligence and security service of the United States and its principal federal law enforcement agency. Operating under the jurisdiction of the United States Department of Justice, the FBI also recommends best practices for Criminal Justice Information (CJI).2
The CJIS Security Policy 2020 guidelines require an overwrite of three times or degaussing of digital media. The type of overwrite pattern is not specified but it also provides the option for degaussing digital media.
Note: The security policy does not adequately address overwriting SSDs. The SSD storage areas may not be accessible via typical three pass overwrite patterns. The policy should indicate that the overwrite pattern be in compliance with NIST 800-88. The NIST overwrite pattern requires an ATA SecureErase or an ATA SanitizeDisk command be performed. The policy also allows the degaussing of digital media. Degaussing is ineffective on flash media (USB and SSD storage) and will physically ruin a platter-based hard drive.
The policy also requires that inoperable digital media should be destroyed. The destruction can be by shredder, pulverization, or incineration. These sanitization and destruction steps are to be documented and witnessed by authorized personnel.
Data At Rest
The FBI is required to store digital media within physically secure locations and restrict access to authorized individuals. When a secure area is not available or when data is in transit, the data should be encrypted to FIPS 140-2 certified software.
WipeDrive is compliant with CJIS Security Policy 2020 guidelines for sanitization of CJI (Criminal Justice Information). The three passes overwrite pattern will securely erase drives and WipeDrive is certified by the Department of Homeland Security and Common Criteria. For more information or to request a trial, contact our Sales Team at 801.224.8900.