Running a secure wipe tool

Various PCI DSS requirements mandate the use of a secure wipe tool to securely delete sensitive authentication data and cardholder data from disk.

According to PCI DSS requirement 3.3.1, the disk wipe tool must be in accordance with industry accepted standards for secure deletion. The National Security Agency, for example, maintains a list of approved products.

To securely wipe entire hard disks, use the DBAN tool.

To securely delete single files or directories, use the Wipe tool in Linux®.

Running the DBAN tool

You can download DBAN from http://www.dban.org/.

  1. Create a CD with the ISO image of DBAN.
  2. Boot the computer that hosts the device you want to wipe securely.
  3. Press the ENTER key to start DBAN in interactive mode.
  4. Type M and select the DoD Short method.
  5. Select the disk or partition you want to wipe by using the up (J) and down (K) keys to move to the entry.
  6. To confirm your selection, press the space bar.
  7. To start wiping the disk, press F10.
  8. The disk is now being wiped.
  9. Make sure a dialog is displayed that confirms a successful wipe.

Using the Wipe tool

Download Wipe from http://wipe.sourceforge.net/.

Use the Wipe tool to securely delete single files or directories.

For example, to securely delete the file myfile.txt, run:

wipe -Sr -p3 myfile.txt

Decommission an instance or cluster

If a cluster instance or an entire cluster is decommissioned, you must securely delete all cardholder data by using a disk wipe tool.

IBM® Safer Payments stores cardholder data in several locations. These locations are identified and configured as described in Configuring cardholder data storage locations.

Archived data and backups that are created by third-party applications are not in reach of the IBM Safer Payments software itself. Therefore, they are not securely deleted automatically by IBM Safer Payments. This aspect of this requirement must be met by organizational procedures.
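
The decommissioning step above, as an added shell example (not IBM's or the Wipe project's code): it runs the page's wipe -Sr -p3 command over each storage location passed as an argument and then checks that no files remain there. WIPE_BIN, DRY_RUN and the function names are assumptions of this example; the locations are whatever you configured for cardholder data storage.

```shell
#!/bin/sh
# Added example: wipe each decommissioned cardholder-data location, then verify.
# WIPE_BIN and DRY_RUN are assumptions of this example, not Wipe or IBM settings.
WIPE_BIN="${WIPE_BIN:-wipe}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print what would run (default), 0 = wipe

# wipe_one PATH -> 0 wiped (or would be), 1 failed or refused, 2 not present
wipe_one() {
    target=$1
    case "$target" in
        ""|/|.|..) echo "REFUSED unsafe target: '$target'" >&2; return 1 ;;
    esac
    # A symlink could redirect the wipe outside the intended location.
    if [ -L "$target" ]; then
        echo "REFUSED symlink: $target" >&2; return 1
    fi
    if [ ! -e "$target" ]; then
        echo "SKIPPED not present: $target"; return 2
    fi
    if [ "$DRY_RUN" = "1" ]; then
        echo "DRY-RUN $WIPE_BIN -Sr -p3 $target"; return 0
    fi
    # Same flags as the command shown on this page.
    "$WIPE_BIN" -Sr -p3 "$target" || { echo "FAILED wipe error: $target" >&2; return 1; }
    # Verification: no regular file may remain at or below the target.
    if [ -e "$target" ] && [ -n "$(find "$target" -type f 2>/dev/null)" ]; then
        echo "FAILED files still present: $target" >&2; return 1
    fi
    echo "WIPED $target"
}

# wipe_locations PATH... -> 0 only if no location failed or was refused
wipe_locations() {
    failures=0
    for loc in "$@"; do
        # Status 2 (location absent) is reported but not counted as a failure.
        wipe_one "$loc" || [ $? -eq 2 ] || failures=$((failures + 1))
    done
    [ "$failures" -eq 0 ]
}
```

Run it once with the default DRY_RUN=1 to review the commands, then with DRY_RUN=0, and keep the output as evidence for the decommissioning record.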