>
> Outside of FDRERASE and good old ICKDSF are there any
> products in the market that can erase data from mainframe DASD?
>
> I didn't see anything in the CBT archive for DASD, just some
> tape erasure programs.
> * *
>
> --
> Mark Jacobs
> Time Customer Service
> Tampa, FL
> ----
>
There are any number of solutions both hardware & software that lay claim to
being DOD compliant for the purposes of erasing data from mainframe DASD but
very
few that can make the claim that they have been independently certified by a
government sponsored agency as meeting the compliance requirements.
Before selecting any of the solutions put forward, one needs to check with their
IT Security Advisor and/or Auditors to see what their expections are, that is,
whether a compliant solution is good enough or whether it has to be certifed as
a
compliant solution. A list of certified compliant solutions can be found at the
following site listed under the heading "Technology Type" as "Sensitive Data
Protection":
http://niap-ccevs.org/cc-scheme/vpl/
Furthermore, the question needs to be asked whether or not the requirement is
for
"clearing"/"overwriting" the disk or the more stringent requirement of
"purging"/sanitizing" the disk. These definitions are described the documents:
NCSC-TG-025 A Guide to Understanding Data Remanence in Automated Information
Systems
DoD 5220.22-M National Industrial Security Program Operation Manual
"clearing"/"overwriting" requirements are usually ok for the OP's requirement
when leaving a DR site but the "purging"/"sanitizing" requirement may be a
mandatory requirement when decommission obsolete storage subsystems.
There are a number of Government & Industrial guidelines that dictate what are
the requirements. These include HIPPA, Sarbane-Oxley, Gramm-Leach-Billey as well
as the PCIDSS requirement for organisations who are involved with the issue and
processing of credit card payment etc.
At the end of the day, the decision as to what product to use may not be that of
the humble storage management technician but a decision that is dictated by the
requirements of the corporate IT Security Advisor and/or Auditor. It may well
be
worth your job tenure to go and check!
Stephen Mednick
Computer Supervisory Services
Sydney, Australia
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
