/*
/*]]>*/

Zeroization

March 5, 2018

Zeroization

Navigation:
< Back
cyber risk assessment insurance cybersecurity best practices define RMM authentication TPRM ecosystem flaw hypothesis methodology high assurance guard 3rd party third-party CISO vulnerability Zeroization, in the context of information security and cryptography, is the process of securely erasing data, particularly sensitive information like cryptographic keys or critical security parameters, from a device or system to prevent unauthorized accessIt involves overwriting or deleting data to make it unrecoverable.
  • Purpose: Zeroization is a security measure taken to protect sensitive information when a device or system is compromised, sold, or decommissioned.
  • Method: It typically involves altering or deleting the contents of data storage, making it difficult or impossible to recover the original data.
  • Scope: Zeroization can apply to various forms of storage, including main memory, cache, NVRAM, and flash memory.

Examples:

Zeroization is used in cryptographic modules, hardware security modules (HSMs), and routers, especially when transitioning to or from FIPS (Federal Information Processing Standard) modes. 

  • Importance:

    It is crucial for maintaining the confidentiality and integrity of data, especially in environments where multiple users or processes access the same resources. 

In essence, zeroization is a crucial security practice for safeguarding sensitive information by ensuring that when a system or device is no longer under the control of its owner, the data it contains cannot be easily recovered. 

Definitions

A method of erasing electronically stored data, cryptographic keys, and CSPs by altering or deleting the contents of the data storage to prevent recovery of the data.
SOURCE: FIPS 140-2

A method of erasing electronically stored data, cryptographic keys, and Credentials Service Providers (CSPs) by altering or deleting the contents of the data storage to prevent recovery of the data.
SOURCE: CNSSI-4009