Canadian CSEC ITSG-06 erase method
The Canadian CSEC ITSG-06 (Communications Security Establishment Canada – Information Technology Security Guidance No. 6) erase method is a data sanitization guideline issued by the CSEC, which governs how to securely erase information from electronic storage devices to prevent unauthorized data recovery.
It is the Canadian government’s standard for clearing, purging, and destroying data on magnetic and solid-state media, analogous to the U.S. DoD 5220.22-M or NIST SP 800-88 standards.
Overview
Full name: ITSG-06 — Clearing and Declassifying Electronic Data Storage Devices
Issued by: Communications Security Establishment Canada (CSEC)
Purpose: To ensure that sensitive or classified data is irrecoverable from storage media before reuse, downgrade, or disposal.
Technical Description
The ITSG-06 erase method provides detailed procedures for clearing and purging magnetic media (e.g., hard drives, tapes) and solid-state storage (e.g., SSDs, flash drives).
While implementations can vary slightly based on media type and classification level, the general overwrite method for magnetic media is as follows:
Magnetic Storage (HDDs, tapes):
- First pass: Overwrite all addressable storage locations with a fixed pattern (e.g., binary 0s).
- Second pass: Overwrite all addressable storage locations with the complementary pattern (e.g., binary 1s).
- Third pass: Overwrite all addressable storage locations with random data.
- Verification: Verify that the last overwrite pass was successful (bit-level verification on a sample or full-drive basis).
This is effectively similar to the DoD 5220.22-M (3-pass) method, with CSEC validation requirements.
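The magnetic-media sequence above written out in Python, as an added example that is not taken from ITSG-06 or from this page's source. The function name `itsg06_wipe`, the 1 MiB chunk size and the use of SHA-256 for read-back verification are assumptions; the path is expected to be a raw disk image or block device.

```python
import hashlib
import os

CHUNK = 1 << 20  # 1 MiB per write; assumed value, not specified by ITSG-06


def _target_size(f):
    # Seeking to the end works for regular files and Linux block devices alike.
    size = f.seek(0, os.SEEK_END)
    f.seek(0)
    return size


def _overwrite(f, size, make_chunk):
    """Write `size` bytes produced by make_chunk(n); return SHA-256 of the data written."""
    digest = hashlib.sha256()
    f.seek(0)
    remaining = size
    while remaining:
        block = make_chunk(min(CHUNK, remaining))
        f.write(block)
        digest.update(block)
        remaining -= len(block)
    f.flush()
    os.fsync(f.fileno())  # force this pass out before the next one starts
    return digest.hexdigest()


def _read_digest(f, size):
    """Read the whole target back and return its SHA-256."""
    digest = hashlib.sha256()
    f.seek(0)
    remaining = size
    while remaining:
        block = f.read(min(CHUNK, remaining))
        if not block:
            break  # short read: the digest will not match, so verification fails
        digest.update(block)
        remaining -= len(block)
    return digest.hexdigest()


def itsg06_wipe(path):
    """Pass 1: 0x00, pass 2: 0xFF, pass 3: random, then verify the last pass."""
    with open(path, "r+b") as f:
        size = _target_size(f)
        _overwrite(f, size, lambda n: b"\x00" * n)
        _overwrite(f, size, lambda n: b"\xff" * n)
        written = _overwrite(f, size, os.urandom)
        verified = _read_digest(f, size) == written
    return {"bytes": size, "passes": 3, "verified": verified}
```

On a real device the read-back should bypass the page cache (for example by reopening the device with direct I/O), otherwise it can confirm cached data instead of what is on the platters. A regular file on a journaling or copy-on-write filesystem is not reliably overwritten in place, which is why the target here is a raw image or device.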
Solid-State Storage (SSDs, Flash, Hybrid Drives):
- ITSG-06 discourages overwriting due to wear-leveling and remapping mechanisms in SSDs.
- Instead, it recommends:
  - Using built-in ATA Secure Erase or cryptographic erase functions.
  - Physical destruction (e.g., shredding, degaussing, or incineration) if the device handled highly classified data.
Rationale and Effectiveness
The ITSG-06 standard is based on the principle that residual data (remanence) on magnetic domains or flash cells can potentially be recovered with advanced forensic techniques.
Multiple overwriting passes or hardware-supported secure erase ensures that no readable magnetic signature of the original data remains.
Use Cases
- Canadian federal departments and agencies: To securely sanitize storage media containing Protected or Classified information before re-use or release.
- Defense contractors and critical infrastructure operators: When handling Canadian government or NATO-classified data that falls under CSEC oversight.
- Private sector and IT asset disposal firms: Implementing ITSG-06 erasure processes to comply with Canadian privacy laws and data protection standards (e.g., PIPEDA).
- Cross-border compliance: Companies operating in both the U.S. and Canada may adopt ITSG-06 alongside DoD 5220.22-M or NIST 800-88 for harmonized data sanitization.
Modern Considerations
- Like DoD 5220.22-M, ITSG-06 is being phased out in favor of newer approaches aligned with NIST SP 800-88 Rev.1 and CSE’s updated guidance for data destruction.
- For SSDs and encrypted media, CSEC recommends cryptographic erase or physical destruction as the most reliable methods.
Summary
| Media Type | Method | Passes | Verification | Notes |
|---|---|---|---|---|
| HDD / Tape | Overwrite fixed, complement, random | 3 | Optional / recommended | Standard ITSG-06 wipe |
| SSD / Flash | Secure Erase or Cryptographic Erase | N/A | Automatic | Overwriting not reliable |
| Classified Media | Physical Destruction | N/A | N/A | Required for Top Secret or higher |