The National Computer Security Center is issuing A Guide to Understanding Data Remanence in Automated Information Systems as part of the "Rainbow Series" of documents our Technical Guidelines Program produces. In the Rainbow Series, we discuss in detail the features of the Department of Defense Trusted Computer System Evaluation Criteria (DoD 5200.28-STD) and provide guidance for meeting each requirement. The National Computer Security Center, through its Trusted Product Evaluation Program, evaluates the security features of commercially-produced computer systems. Together, these programs ensure that organizations are capable of protecting their important data with trusted computer systems. While data remanence is not a directly evaluated criterion of trusted computing systems, it is an issue critical to the safeguarding of information used by trusted computing systems.
A Guide to Understanding Data Remanence in Automated Information Systems is intended for use by personnel responsible for the secure handling of sensitive or classified automated information system memory and secondary storage media. It is important that they be aware of the retentive properties of such media, the known risks in attempting to erase and release it, and the approved security procedures that will help prevent disclosure of sensitive or classified information. This version supersedes CSC-STD-005-85, Department of Defense Magnetic Remanence Security Guideline, dated 15 November 1985.
As the Director, National Computer Security Center, l invite your suggestions for revising this document. We plan to review this document as the need arises.
Patrick R. Gallagher, JR - Director National Computer Security Center
The National Computer Security Center extends recognition to Captain James K. Goldston, United States Air Force, for providing engineering support and as primary author and preparer of this guideline. We thank the many people involved in preparing this document. Their careful review and input were invaluable. The National Computer Security Center extends recognition to Dr. Bane W. Burnham and David N. Kreft, without whom this revision could not have taken place. Other reviewers that provided much needed input are Carole S. Jordan, Lawrence M. Sudduth, and Kim Johnson-Braun and George L. Cipra.