Table of Contents
1 INTRODUCTION 2 GENERAL INFORMATION 3 DEGAUSSERS
3.1 A PRIMER
3.2 DEGAUSSER TESTING
3.3 LABELING TAPES
3.4 DEGAUSSER PRODUCTS LIST (DPL)
3.5 DEGAUSSING EQUIPMENT FAILURE
4.1 DESTINATION OF RELEASED MEDIA
4.2 EFFECTS OF HEAT AND AGE
4.3 MECHANICAL STORAGE DEVICE EQUIPMENT FAILURE
4.4 STORAGE DEVICE SEGMENTS NOT RECEPTIVE TO OVERWRITE
4.5 OVERWRITE SOFTWARE AND CLEARING
4.6 OVERWRITE SOFTWARE AND PURGING
4.7 CONTRACTUAL OBLIGATION
4.9 DATA SENSITIVITY
5.1 GENERIC PROCEDURES
5.2 SPECIFIC PROCEDURES
5.2.1 MAGNETIC TAPES
5.2.2 MAGNETIC HARD DISKS
5.2.3 MAGNETIC DRUMS
5.2.4 MAGNETIC FLOPPY DISKS AND CARDS
5.2.5 MAGNETIC CORE MEMORY
5.2.6 PLATED WIRE MEMORY
5.2.7 THIN FILM MEMORY
5.2.8 MAGNETIC BUBBLE MEMORY
5.2.9 RANDOM ACCESS MEMORY (RAM)
5.2.10 READ ONLY MEMORY (ROM)
5.2.11 ERASABLE PROGRAMMABLE READ ONLY MEMORY (UVPROM)
5.2.12 ELECTRICALLY ERASABLE READ ONLY MEMORY (EEPROM)
Library No. 5-236,082
A Guide to Understanding Data Remanence in Automated Information Systems is intended for use by personnel responsible for the secure handling of sensitive or classified automated information system memory and secondary storage media. It is important that they be aware of the retentive properties of such media, the known risks in attempting to erase and release it, and the approved security procedures that will help prevent disclosure of sensitive or classified information. This version supersedes CSC-STD-005-85, Department of Defense Magnetic Remanence Security Guideline, dated 15 November 1985.
As the Director, National Computer Security Center, I invite your suggestions for revising this document. We plan to review this document as the need arises.
Patrick R. Gallagher, JR September 1991
National Computer Security Center
Various documents have been published that detail procedures for clearing, purging, declassifying, or destroying automated information system (AIS) storage media. [1,2,4, 5, 6, 8,9,13 and 16] The Department of Defense (DoD) published DoD Directive 5200.28, Security Requirements for Automated Information Systems,  and its corresponding security manual DoD 5200.28-M, Automated Data Processing Security Manual,  in 1972 and 1973, respectively. These two documents were amended in 1979, in response to the Defense Science Board Task Force recommendation to establish uniform DoD policy for computer security requirements, controls, and measures. The directive was again revised in March 1988, and efforts are underway to revise the manual.
DoD 5200.28-M addresses DoD requirements for the secure handling and disposal of memory and secondary storage media. While the Department of Defense requires the use of DoD Directive 5200.28 and DoD 5200.28-M by DoD components, the heads of DoD components may augment these requirements to meet their needs by prescribing more detailed guidelines and instructions provided they are consistent with these policies. DoD contractors and subcontractors who participate in the Defense Industrial Security Program (DISP) are required to comply with DoD 5220.22-M, Industrial Security Manual for Safeguarding Classified Information.  The Defense Investigative Service is responsible for the promulgation of the policy reflected in DoD 5220.22-M. Unlike these policy documents, A Guide To Understanding Data Remanence In Automated Information Systems does not provide requirements.
Sometime during the life cycle of an AIS, its primary and secondary storage may need to be reused, declassified, destroyed, or released. It is important that security officers, computer operators, and other users or guardians of AS resources be informed of the risks involving the reuse, declassification, destruction, and release of AIS storage media. They also should be knowledgeable of the risks inherent in changing the sensitivity level of AS storage media or of moving media from an installation with a specific security posture tone that is less secure. They should use proper procedures to prevent a possible disclosure of sensitive information contained on such media. ("Sensitive" in this document refers to classified and sensitive but unclassified information.) The procedures and guidelines in this document are based on research, investigation, current policy, and standard practice.
This guideline is divided as follows: Section 2 provides information on using this guideline and introduces DoD terminology. Section 3 discusses the use of degaussers and references the Degausser Products List (DPL), a listing of DoD evaluated degaussers. Section 4, "Risk Considerations," has information similar to that found in version 1 of this document, except for the modification of Section 4.2, "Effects of Heat and Age," and the addition of information on overwriting and degaussing. Section 5 addresses DoD endorsed erasure standards. Recently developed storage technologies and disk exercisers are discussed in Section 6. Section 7 addresses areas needing further investigation and provides references to additional information on the science of magnetics, as it pertains to magnetic remanence.
A series of research studies were contracted by the DoD to the Illinois Institute of Technology, Research Institute and completed in 1981 and 1982. They have confirmed the validity of the degaussing practices as applied to magnetic tape media.  Additional research conducted at the Carnegie-Mellon University using communication theory and magnetic modeling experiments designed to detect digital information from erased disks has provided test data on the erasability of magnetic disks. [11, 21, and 22] This work, along with DoD research that has not yet been released, provides the basis for the disk degaussing standard. More studies are planned or underway to ensure the adequacy of DoD degaussing standards.
On 2 January 1981, the Director of the National Security Agency assumed responsibility for computer security within the Department of Defense. As a result, the Department of Defense Computer Security Center (DoDCSC), officially chartered by DoD Directive 5215.1, was established at the National Security Agency. (3] The DoDCSC Division of Standards (now Division of Standards, Criteria, and Guidelines)
was subsequently formed and tasked to support a broad range of computer security
related subjects. The DoDCSC became the NCSC in 1985, as amended in National Security Decision Directive 145.  As part of its mission to provide information useful for the secure operation of AISs, the NCSC published the Department of Defense Magnetic Remanence Security Guideline, which is version 1 of this guideline.
Guidelines in this document have two degrees of emphasis. Those that are most important to the secure handling of AIS storage media have such wording as "the ISSO should . . . ." Guidance of lesser criticality has such wording as "it is good practice" or "it may be." Thus, the word "may" denotes less emphasis or concern than the word "should."
Clearing: The removal of sensitive data from an AIS at the end of a period of processing, including from AIS storage devices and other peripheral devices with storage capacity, in such a way that there is assurance, proportional to the sensitivity of the data, that the data may not be reconstructed using normal system capabilities, i.e., through the keyboard. (This may include use of advanced diagnostic utilities.) An AS need not be disconnected from any external network before a clear. [1, draft version]
Clearing can be used when the secured physical environment (where the media was used) is maintained. In other words, the media is reused within the same AIS and environment previously used.
In an operational computer, clearing can usually be accomplished by an overwrite of unassigned system storage space, provided the system can be trusted to provide separation of the storage space and unauthorized users. For example, a single overwrite of a file or all system storage, if the circumstance warrants such an action, is adequate to ensure that previous information cannot be reconstructed through a keyboard attack. Note: Simply removing pointers to a file, which can occur when a file is simply deleted in some systems, will not generally render the previous information unrecoverable through normal system capabilities (i.e., diagnostic routines).
Purging: The removal of sensitive data from an AIS at the end of a period of processing, including from AIS storage devices and other peripheral devices with storage capacity, in such a way that there is assurance, proportional to the sensitivity of the data, that the data may not be reconstructed through open-ended laboratory techniques. An AIS must be disconnected from any external network before a purge. 
Purging must be used when the secured physical environment (where the media was used) will not be maintained. In other words, media scheduled to be released from a secure facility to a non-cleared maintenance facility or similar non-secure environment must be purged.
Note: The purging definition allows a hierarchy of data eradication procedures, although current standards do not take advantage of this. That is, removing data with "assurance, proportional to the sensitivity of the data, that the data may not be reconstructed" implies that standards can be developed to be applied hierarchically. For example, a standard could be developed that allowed a security officer to degauss CONFIDENTIAL tapes by 80 db, SECRET tapes by 90 db, etc. Practice has shown, however, that this is not a feasible approach. Authorized clearing and purging procedures are detailed in DoD 5200.28-M and sometimes further amplified in DoD component regulations.
Declassification: A procedure and an administrative action to remove the security classification of the subject media. The procedural aspect of declassification is the actual purging of the media and removal of any labels denoting classification, possibly replacing them with labels denoting that the storage media is unclassified. The administrative aspect is realized through the submission to the appropriate authority of a decision memorandum to declassify the storage media.
Whether declassifying or downgrading the storage media, the memorandum should include the following:
- a. A description of the media (type, manufacturer, model, and serial number).
- b. The media's classification and requested reclassification as a result of this action.
- c. A description of the purging procedures to include the make,
model number, and serial number of the degausser used and the date of
the last degausser test if degaussing is done; or the accreditation
statement of the software if overwriting is done; or the description of
and authorization to use the purging procedure if the purging procedure
is different from the preceding procedures.
- d. The names of the people executing the procedures and verifying the results.
- e. The reason for the downgrade, declassification, or release.
- f. The concurrence of the data owner that the action is necessary.
- g. The intended recipient or destination of the AIS and storage media.
from a recorded state to an unrecorded state. Coercivity values are available from the manufacturer or vendor.
Type I Tape: Magnetic tape with coercivity not exceeding 350 Oe (also known as low-energy tape), for example, iron oxide coated tape. Note: The maximum coercivity level has changed from 325 Oe to 350 Oe.
Magnetic disks, i.e., oxide particles on a metal substrate, also have varying coercivity levels. Research has shown, however, that the physical remanence properties of disks are easier to address. Because of this, disks are treated as Type I media and are discussed in more detail later.
Type II Tape: Magnetic tape with coercivity ranging from 351 to 750 Oe (also known as high-energy tape), for example, chromium dioxide coated tape.
The determination of the Types l and II definitions was largely a result of the tape manufacturing industry. Low-energy tapes were developed first, and they have coercivities around 300 Oe + 10%. The next generation tape was high-energy tape, whose coercivity is around 650 Oe + 10%. There have been no naturally occurring plateaus for which to define a Type Ill tape. As a practical matter, there are no degaussers that can yet meet the requirements of National Security Agency/Central Security Service (NSA/CSS) Specification L14-4-A for tapes above Type II. 
Type III Tape: Magnetic tape with coercivity above 750 Oe, for example, cobalt-modified iron oxide coated tape and metallic particle coated tape. This definition is provided so these media may be discussed.
Degausser: A device that can generate a magnetic field for degaussing magnetic storage media. A Type l degausser can purge Type I tapes and all magnetic disks. A Type II degausser can purge both Types I and II tapes. There are, at present, no Type III degaussers. Currently, all Type I, II, and III tapes may be cleared with a Type I degausser. However, Type III tapes with higher than the current maximum coercivity may be developed that would not be clearable with a Type I degausser. Refer to the DPL for Type III degausser availability. Section 3 discusses degaussers further.
Permanent Magnet Degausser: A hand-held permanent magnet that has satisfied the requirement to degauss floppy disks, disk platters, magnetic drum surfaces, bubble memory chips, and thin film memory modules. It is not used to degauss magnetic tape.
Object reuse can be implemented so that the address space that contained the object (file) is cleared upon deallocation (the net result is that unallocated address space is cleared) or upon allocation (the net result is that unallocated address space may contain data residue). (Note: There are other ways to implement object reuse which do not involve clearing.) Information from a common data storage pool cannot normally be retrieved through the keyboard.
Some comparisons have been made between trusted systems that satisfy the object reuse requirement and overwrite programs that do only clearing or purging; however, it should be noted that overwrite programs cannot be trusted in the same sense as trusted systems. This is primarily because of the environment in which overwrite programs must operate.
Trusted systems are designed with an object reuse mechanism that is protected and supported by the TCB, substantiating the degree of trust placed in the object reuse mechanism. Commercially available overwrite programs are usually designed to operate on several different systems and are not evaluated with the same rigor as trusted systems; however, any overwrite program should be protected from unauthorized modification. These two security features provide a similar aspect of data confidentiality but satisfy different computer security requirements.
Erasure via degaussing may be accomplished in two ways: in AC erasure, the media is degaussed by applying an alternating field that is reduced in amplitude over time from an initial high value (i.e., AC powered); in DC erasure, the media is saturated by applying a unidirectional field (i.e., DC powered or by employing a permanent magnet).
In some cases, adding another label to the tape could introduce the possibility of operator error in shops where the reel is already crowded with labels. Some facilities require the security officer to use the manufacturer's label to determine tape coercivity. In any case, strict inventory controls should be in place to ensure that tapes can be identified by type so the correct purge procedure is used.
To provide a rough estimate of degausser effectiveness, an on-site test of generated magnetic field strength may be done by using a gaussmeter for some models of Type I degaussers. (Some Type I degaussers cannot be tested in this
manner because the degaussing field is not accessible.) However, a more extensive test is required to maintain an adequate degree of assurance that the degausser is operating correctly.
Both Type I and II degaussers may be periodically tested more extensively by testing against the 90 db test signal strength reduction requirement in NSA/CSS Specification L14-4-A using the following procedure: have the tape prerecorded with the specified test signal (in a testing laboratory), degauss the tape, then return the tape to the laboratory where it can be tested for the remanent signal level.  Check with local authorities or engineering personnel to determine if such a service is available to your organization. There are two companies listed in the DPL, Integra Technologies Corporation and Data Security, Incorporated, that can test an installed degausser's effectiveness.
Although this periodic test is not a DoD requirement, it is highly recommended. After a degausser is installed, it should be tested periodically (approximately every six months) for its first two years of operation. This data can be used to develop a histogram of the degausser's operation. Based on this information, an informed decision can be made about extending the interval between testing, e.g., every 9 months, yearly, every 18 months, etc.
Note that it is erroneous to assume that even a newly installed degausser, let alone a degausser several years old, is providing sufficient erasure. It is not prudent to rely upon one DoD evaluation of the degausser manufacturer's product line because of possible product failure.
There are additional risks to trusting overwrite software to purge disks. The environment in which the software must operate is difficult to constrain. For this reason, care must be exercised during software development to ensure the software cannot be subverted. The overwrite software should be protected at the level of the media it purges, and strict configuration controls should be in place on both the operating system the software must run under and the software itself. The overwrite software must be protected from unauthorized modification. 
If test and diagnostic equipment (T & DE) is used on an AIS that has not been purged, there is a possibility that the T & DE can capture sensitive information. To prevent unauthorized disclosure, the T & DE should either be purged after use or remain safeguarded at the highest level of information resident on the AIS.
For example, if a sensitive disk drive is serviced, the escort official should know that the maintenance person is not allowed to remove the damaged disk from the facility. The escort also should be capable of identifying when a maintenance person has altered the protective characteristics of the device.
Mistakenly using a Type I degausser to purge Type II tape is another risk. Type I degaussers cannot purge Type II tape. Magnetic tape should have a label applied to the reel that identifies the coercivity of the media, because coercivity cannot always be distinguished by physical appearance. Strict inventory controls should be in place to ensure tapes can be identified by type so the correct purge procedure is used. If type labels are used, they should not be removed from the reel unless the tape is cut from the reel or the reel itself is destroyed. Labels that show classification should not be removed from the reel until the media is declassified. See Section 3.3, "Labeling Tapes," for more information about labels.
- a. Destruction at an approved metal destruction facility, i.e., smelting, disintegration, or pulverization.
- b. Incineration.
- c. Application of an abrasive substance (emery wheel or disk sander) to a magnetic disk or drum recording surface. Make
certain that the entire recording surface is completely removed before
disposal. Also, ensure proper protection from inhaling the abraded dust.
- d. Application of concentrated hydriodic acid (55% to 58% solution) to a gamma ferric oxide disk surface. Acid solutions should be used in a well-ventilated area only by qualified personnel.
- e. Application of acid activator Dubais Race A (8010 181 7171)
and stripper Dubais Race B (8010 181 7170) to a magnetic drum recording
surface. Technical acetone (6810 184 4796) should then be applied to
remove residue from the drum surface. The above should be done in a
well-ventilated area, and personnel must wear eye protection. Extreme
caution must be observed when handling acid solutions. This procedure
should be done only by qualified and approved personnel.
Type I or Type II degausser. This procedure is considered acceptable for clearing, but not purging, all types of tapes.
Degaussing with an appropriate degausser is the only method the DoD accepts for purging this media. Specifically, a Type I degausser can purge only Type I tapes, and Type II degaussers can purge Types I and II tapes. No degausser presently exists that is capable of purging Type III tapes in accordance with NSA/CSS Specification L14-4-A.
Recently completed research has indicated that degaussing is an effective method to purge rigid disk media. Large cavity degaussing equipment can be used to erase the data from sealed disk packs and Winchester style hard disk drives while the platters remain in the drive. Care must be exercised to ensure that the disk drive is not encased in a material that conducts a magnetic field. Research has shown that aluminum housings on Winchester disk drives attenuate the degaussing field by only about 2 db. Operational guidance is now being developed for the DoD.
A good primer on magnetic coatings used for disks and tapes is Particulate Magnetic Recording: A Review, by Michael P. Sharrock.  For a discourse on future storage trends, see Data Storage in 2000-Trends in Data Storage Technologies, by Mark H. Kryder.  The IEEE Transactions on Magnetics provides a wealth of information on the field of magnetics, with entire sections devoted to engineering-level discussions related to magnetic remanence in AIS storage media.
Announcements concerning cavity degaussers should be forthcoming. See the Degausser Products List for these announcements and for announcements about decisions concerning magnetic media degaussing.
DoD policy, procedures, and guidance need continual refinement to keep pace with the evolving storage technologies. Although there is no focal point responsible for ensuring erasure standards are current, various agencies have sponsored research that has ensured our erasure standards provide an adequate degree of security. This has caused duplication of effort at times, but it has also provided additional validation of earlier work. However, a focal point would ensure research is duplicated only when necessary. As storage technology advances and clear and purge procedures are developed and refined, this guideline will be periodically updated to reflect the changes. DoD 5200.28-M should be updated also.
- Automated Information System.
- An assembly of computer hardware, firmware, and/or software configured to collect, create, communicate, compute, disseminate, process, store, and/or control data or information.
- AIS Storage Media.
- The physical substance(s) used by an AS system upon which data are recorded.
- Clearing AIS Storage Media.
- Removal of sensitive data from an AS at the end of a period of processing, including from AIS storage devices and other peripheral devices with storage capacity, in such a way that there is assurance, proportional to the sensitivity of the data, that the data may not be reconstructed using normal system capabilities, i.e., through the keyboard. An AIS need not be disconnected from any external network before a clear.
- Coercive Force.
- A negative or reverse magnetic force applied for reducing magnetic induction to zero.
- The amount of applied magnetic field (of opposite polarity) required to reduce magnetic induction to zero. It is often used to represent the ease with which magnetic media can be degaussed.
- Configuration Control.
- The process of controlling modifications to the system's hardware, firmware, software, and documentation that provide sufficient assurance that the system is protected against the introduction of improper modifications before, during, and after system implementation. Compare "configuration management."
- Configuration Management.
- The management of security features and assurances through control of changes made to a system's hardware, software, firmware, documentation, test, test fixtures and test documentation throughout the development and operational life of the system. Compare "configuration control."
- A representation of facts, concepts, information, or instructions suitable for communication, interpretation, or processing by humans or by an AIS.
- Declassification of AIS Storage Media.
- A procedure and an administrative decision to remove the security classification of the subject media.
- A device that can generate a magnetic field for degaussing magnetic storage media.
- To reduce magnetic induction to zero by applying a reverse magnetizing field. Also called "demagnetizing."
- Degausser Products List (DPL).
- A list of commercially produced degaussers that meet National Security Agency specifications as set forth in reference 13. The National Security Agency includes this list in their Information Systems Security Products and Services Catalogue.
- Designated Approving Authority (DAA).
- The official who has the authority to decide to accept the security safeguards prescribed for an AIS or the official who may be responsible for issuing an accreditation statement that records the decision to accept those safeguards. The DAA must be at an organizational level such that he or she has the authority to evaluate the overall mission requirements of the AIS and provide definitive directions to AIS developers or owners relative to the risk in the security posture of the AIS.
- A procedure and an administrative decision to reduce the security classification of the subject media.
- A process by which data recorded on storage media is removed.
- A unit measure of the magnetic flux density produced by a magnetizing force.
- Information System Security Officer (ISSO).
- The person responsible to the DAA for ensuring that security is provided for and implemented throughout the life cycle of an AIS from the beginning of the system concept development phase through its design, development, operation, maintenance, and secure disposal.
- Information Systems Security Products and Services Catalogue (INFOSEC Catalog).
- A catalog issued quarterly by the National Security Agency to assist in the selection of products and services that will provide an appropriate level of information security. The National Security Agency issues the DPL in this publication, which is available through the Government Printing Office.
- Inter-Record Gap.
- The "area" between data records on a magnetic tape.
- Keyboard Attack.
- Data scavenging through resources available to normal system users, which may include advanced software diagnostic tools.
- Laboratory Attack.
- Data scavenging through the aid of what could be precise or elaborate equipment.
- Magnetic Field Intensity.
- The magnetic force required to produce a desired magnetic flux, given as the symbol H (see definition of "oersted").
- Magnetic Flux.
- Lines of force representing a magnetic field.
- Magnetic Flux Density.
- The representation of the strength of a magnetic field, given as the symbol B (see definition of "gauss").
- Magnetic Remanence.
- The magnetic flux density that remains in a magnetic circuit after the removal of an applied magnetic field. For discussion purposes, it is better to characterize magnetic remanence as the magnetic representation of residual information that remains on magnetic media after the media has been erased.
- Magnetic Saturation.
- The condition in which an increase in magnetizing force will produce little or no increase in magnetization.
- Object Reuse.
- The reassignment to some subject of a medium (e.g., page frame, disk sector, or magnetic tape) that contained one or more objects. To be securely reassigned, no residual data from the previously contained object(s) can be available to the new subject through standard system mechanisms.
- A unit of magnetic field strength.
- Overwrite Procedure.
- A procedure to destroy data recorded on AIS storage media by recording patterns of unclassified data over the data stored on the media.
- Permanent Magnet Degausser.
- Hand-held permanent magnet that generates a magnetic field for degaussing magnetic storage media.
- The removal of sensitive data from an AIS at the end of a period of processing, including from AIS storage devices and. other peripheral devices with storage capacity, in such a way that there is assurance proportional to the sensitivity of the data that the data may not be reconstructed through open-ended laboratory techniques. An AIS must be disconnected from any external network before a purge.
- The residual information that remains on storage media after erasure.
- Searching through object residue (file storage space) to acquire unauthorized data.
- Trusted Computer System Evaluation Criteria (TCSEC).
- A document published by the National Computer Security Center containing a uniform set of basic requirements and evaluation classes for assessing degrees of assurance in the effectiveness of hardware and software security controls built into systems. These criteria are intended for use in the design and evaluation of systems that will process and/or store sensitive or classified data. This document is DoD 5200.28-STD and is often called The Criteria or The Orange Book.
- Trusted Computing Base (TCB).
- The totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination of which is responsible for enforcing a security policy. A TCB consists of one or more components that together enforce a unified security policy over a product or system. The ability of a TCB to correctly enforce a security policy depends solely on the mechanisms within the TCB and on the correct input by system administrative personnel of parameters (e.g., a user's clearance) related to the security policy.
- Trusted Computing System.
- A system that employs sufficient hardware and software integrity measures to allow its use for simultaneously processing a range of sensitive or classified information.
- Type I Tape.
- Magnetic tape whose coercivity does not exceed 350 oersteds (also known as low-energy tape).
- Type II Tape.
- Magnetic tape whose coercivity ranges from 351 oersteds up to 750 oersteds (also known as high-energy tape).
- Type III Tape.
- Magnetic tape whose coercivity exceeds 750 oersteds.
- Automated Data Processing Security Manual, Department of Defense Manual, DoD 5200.28-M, January 1973 with change pages in June 1979 (now under revision).
- Care and Handling of Computer Magnetic Storage Media, Department of Commerce, National Bureau of Standards Special Publication 500-101, June 1983.
- Computer Security Evaluation Center, Department of Defense Directive, DoDD 5215.1,25 October 1982.
- Department of the Navy Automated Data Processing Security Program, Chief of Naval Operations Instruction, OPNAVINST 5239.1A with change 1, 3 August 1982.
- Department of the Navy Automated Information System Security Program, Secretary of the Navy Instruction, SECNAVINST 5239.2, 1 November 1989.
- "Emergency Destruction of Information Storing Media," Institute for Defense Analyses Report, R-321, December 1987.
- A Guide to Understanding Configuration Management in Trusted Systems, National Computer Security Center Technical Guideline, NCSC-TG-006, Version 1,28 March 1988.
- Industrial Security Manual for Safeguarding Classified Information, Department of Defense Manual, DoD 5220.22-M, June 1987.
- Information Systems Security, Army Regulation, AR 380-19, 4 September 1990.
- Information Systems Security Products and Services Catalogue, National Security Agency, quarterly publication.
- Katti, Romney R., "Erasure in Magnetic Recording Media," doctoral dissertation, Carnegie-Mellon University, 12 April 1988.
- Kryder, Mark H., "Data Storage in 2000-Trends in Data Storage Technologies," IEEE Transactions on Magnetics, Vol. 25, No. 6, November 1989.
- Magnetic Tape Degausser, National Security Agency/Central Security Service (NSA/CSS) Specification L1 4-4-A, 31 October 1985.
- Mountfield, K. R., and M. H. Kryder, "The Effect of Erasure in Particulate Disk Media," IEEE Transactions On Magnetics, Vol. 25, No. 5, September 1989.
- National Policy on Telecommunications and Automated Information Systems Security, National Security Decision Directive, NSDD 145, 17 September 1984.
- Remanence Security, Air Force Systems Security Instruction, AFSSI 5020,15 April 1991.
- Security Requirements for Automated Information Systems, Department of Defense Directive, DoDD 5200.28, March 1988.
- Sharrock, Michael P., "Particulate Magnetic Recording: A Review," IEEE Transactions on Magnetics, Vol. 25, No. 6, November 1989.
- "Signal Processing Applications Techniques to Magnetic Erasure Data," Illinois Institute of Technology, Research Institute, Final Reports for Projects E06522, K06005, and K06051, February 1982, September 1982, and March 1984 respectively.
- Trusted Computer System Evaluation Criteria, Department of Defense Standard, DoD 5200.28-STD, December 1985.
- Veeravalli, Venugopal V., "Detection of Digital Information From Erased Magnetic Disks," masters thesis, Carnegie-Mellon University, 1987.
- Wiesen, Kurt, "Modeling of Magnetic Media," masters thesis, Carnegie-Mellon University, July 1986.