Description:

This policy ensures that all data on storage devices is sanitized before they are disposed of. This helps to protect sensitive data from unauthorized access.

Rationale:

Sensitive data, such as customerPII, financial information, and intellectual property, can be stored on storage devices. If this data is not properly sanitized before it is disposed of, it could be accessed by unauthorized individuals. This could lead to identity theft, financial fraud, and other serious consequences.

Impact:

The impact of failing to follow this policy could be significant. If sensitive data is not properly sanitized, it could be accessed by unauthorized individuals. This could lead to identity theft, financial fraud, and other serious consequences.

Default Value:

AWS recommends that you use a secure erase method to sanitize data on storage devices. This method ensures that all data on the device is overwritten, making it impossible to recover.

Pre-requisites:

  • You must have access to the storage devices that you want to sanitize.
  • You must have a secure erase method available.

Remediation Steps:

If you fail to sanitize data on storage devices before they are disposed of, you must take steps to remediate the situation. This may involve re-encrypting the data, or physically destroying the storage devices.

Test Plan:

To test the effectiveness of your sanitization process, you should generate a test dataset that contains sensitive data. You should then sanitize the dataset and verify that it cannot be recovered.

Implementation Plan:

To implement this policy, you must create a process for sanitizing data on storage devices before they are disposed of. This process should include the following steps:

  1. Identify the storage devices that need to be sanitized.
  2. Select a secure erase method.
  3. Sanitize the data on the storage devices.
  4. Verify that the data has been successfully sanitized.

AWS CLI Process:

To sanitize data on storage devices using the AWS CLI, you can use the following command:

aws ec2 delete-snapshot --snapshot-id snap-xxxxxxxxxxxx

This command will delete the snapshot, which will permanently erase the data on the storage device.

Using AWS GUI:

To sanitize data on storage devices using the AWS GUI, you can follow these steps:

  1. Go to the AWS Management Console.
  2. Click on the "EC2" service.
  3. Click on the "Snapshots" tab.
  4. Select the snapshot that you want to delete.
  5. Click on the "Delete" button.

Backout Plan:

If you need to back out of this policy, you can restore the data from the storage devices. However, this may not be possible if the data has been overwritten.

Note:

  • This policy is not intended to be a comprehensive guide to data security. For more information, please refer to the AWS Security Best Practices.
  • The links in the "Reference" section are for informational purposes only. They do not constitute legal advice.

Section 2:

  • Tags and Keywords: sensitive data, PII, financial information, intellectual property, secure erase, data sanitization