openstack/security-doc
Code Issues Proposed changes

Update NIST doc reference to revision 4

Browse Source 
Updated the reference to NIST documentation from
revision 3 to revision 4 and added a link to the
NIST doc. Also updated the quotation from that doc
to reflect the text in revision 4.

Change-Id: I4c3603a60824ce2d2bee1639de203c0bc35b3f10
backport: none
Closes-bug: #1419556
This commit is contained in:
kallimachos
2015-02-09 11:35:37 +10:00
parent 283cb833b9
commit 02d26fcd85
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
security-guide/section_data-privacy-concerns.xml
View File

@@ -77,7 +77,13 @@
<title>Data disposal</title>
<para>OpenStack operators should strive to provide a certain level of tenant data disposal assurance. Best practices suggest that the operator sanitize cloud system media (digital and non-digital) prior to disposal, release out of organization control or release for reuse. Sanitization methods should implement an appropriate level of strength and integrity given the specific security domain and sensitivity of the information.</para>
<blockquote>
<para>"Sanitization is the process used to remove information from system media such that there is reasonable assurance that the information cannot be retrieved or reconstructed. Sanitization techniques, including clearing, purging, and destroying media information, prevent the disclosure of organizational information to unauthorized individuals when such media is reused or released for disposal." [NIST Special Publication 800-53 Revision 3]</para>
<para>"The sanitization process removes information from the media
such that the information cannot be retrieved or reconstructed.
Sanitization techniques, including clearing, purging,
cryptographic erase, and destruction, prevent the disclosure
of information to unauthorized individuals when such media is
reused or released for disposal."
<link xlink:href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">NIST Special Publication 800-53 Revision 4</link></para>
</blockquote>
<para>General data disposal and sanitization guidelines as adopted from NIST recommended security controls. Cloud operators should:</para>
<orderedlist><listitem>