Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

A  |  B  |  C  |  D  |  E  |  F  |  G  |  H  |  I  |  J  |  K  |  L  |  M  |  N  |  O  |  P  |  Q  |  R  |  S  |  T  |  U  |  V  |  W  |  X  |  Y  |  Z

Secure Erase Command

Abbreviation(s) and Synonym(s):

None

Definition(s):

  An overwrite command in the ATA standard (as ‘Security Erase Unit’) that leverages a firmware-based process to overwrite the media. This command typically executes substantially faster than attempting to rewrite through the native read and write interface. There are up to two options, ‘normal erase’ and ‘enhanced erase’. The normal erase, as defined in the standard, is only required to address data in the contents of LBA 0 through the greater of READ NATIVE MAX or READ NATIVE MAX EXT, and replaces the contents with 0s or 1s. The enhanced erase command specifies that, “…all previously written user data shall be overwritten, including sectors that are no longer in use due to reallocation” and the contents of the media following Sanitization are vendor unique. The actual action performed by an enhanced erase varies by vendor and model, and could include a variety of actions that have varying levels of effectiveness. The secure erase command is not defined in the SCSI standard, so it does not apply to media with a SCSI interface.
Source(s):
NIST SP 800-88 Rev. 1