cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
arkahnz
Viewer

CISSP Question Clarification regarding media sanitization.

Q. Megan wants to prepare media to allow for its reuse in an environment operating at the same sensitivity level. Which of the following is the best option to meet her needs? Clearing Erasing Purging Sanitization

 

Answer as per the Official Study Guide - 

 

Clearing describes preparing media for reuse. When media is cleared, unclassified data is written over all addressable locations on the media. Once that's completed, the media can be reused. Purging is a more intensive form of clearing for reuse in lower-security areas.

 

My question is, since purging is a more intensive form of clearing then why is it used for reuse in lower-security areas. I thought the answer to this question should have been purging. So in which instances should clearing and purging be used?

 

Thanks

 

5 Replies
denbesten
Community Champion

.... clearing for reuse in a lower-security area than it was formerly used in.  

 

The comment is about the "change in classification" for the media; not about the continuing use in a lesser classification.

Steve-Wilme
Advocate II

If you were to clear the data from media used in a highly classified area and then reuse the media in a lower classified area, there is a risk of writing data down; therefore it should be purged to treat that risk.

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
arkahnz
Viewer

Thanks for clarifying.
YBaker
Viewer

Arkhanz, 

 

Replies for the CISSP question about reuse of media and what method for same level of sensitivity and your question about differences of clearing and purging in this context and use.

 

It's clearing and not purging for environment/department of same level of sensitivity.

 

The CISSP question indicates that Megan wants to reuse the media in an environment operating at the SAME sensitivity level. Then, clearing the media would be the best approach since it would be reused with the same classification level and not require purging. (This is cited in NIST Special Publication 800-88.)

You are correct about purging being more intensive than clearing, but it is reasonable that the clearing process within the same sensitivity area, so the most efficient and cost-effective control would be clearing. (You mentioned lower-security area, and it may well be, but the question posed does not clarify that, just that it is the same sensitivity area.)

 

 You ask in which instances should clearing and purging be used? When the media is within the confines of an area, environment, department - then clearing would be appropriate. When the media is to leave the environment and will not be reused but instead destroyed, then the data on the disk should be completely over-writtten  by degaussing (magnetic erasing) or firmware commands (and tools)which would lead data to be unrecoverable with a high level of confidence. Note, that once degaussed, the disk data and startup files are removed, making the disk unusable, thus this would not be the answer to the CISSP example question. 
Hope this is helpful to you and others.

Anto
Viewer

photo_2023-11-20_16-50-15.jpgScreenshot (292).png

 

 

See both the above photos. Both are from NIST SP 800-88, where it's clear that the media can be reused in clearing as well as purging.

 

Also within org control for high-sec sec data, there is only one option, which is purge or destroy there is no clear option in the flow chart as per NIST. 

 

So if you go with NIST then it should be purging and not clearing.

 

Anything else am missing?