Difference between revisions 601796710 and 656249702 on enwiki

{{multiple issues|
{{Orphan|date=August 2012}}
{{Refimprove|date=April 2008}}
}}

The '''Trusted Storage specification''' is a document under debate in the [[Trusted Computing Group]] designed to provide interoperability and standardization of [[Full Disk Encryption]] (FDE) for [[hard disk drives]] (HDDs).  The draft was published on 19 June 2007.<ref>https://www.trustedcomputinggroup.org/news/press/Storage_spec_release_final_june_18_2007.pdf</ref>

==References==
{{reflist}}

==See also==
* [[Disk encryption]]
* [[Full disk encryption]]

[[Category:Cryptographic software]]
[[Category:Disk encryption]]


{{crypto-stub}}Trusted Storage standardization has begun in ISO TC/171 SC1/WG8 (ISO 18759).   This International Standard specifies functional and technical requirements associated with Trusted Storage sub-systems that enable organizations, including product suppliers, to develop/configure products and technologies that store and manage content stored in non-alterable environments preventing modification or deletion during the life cycle of the content following organizational policies and procedures. This standard also specifies reporting requirements to ensure that content is no unknowingly altered during its prescribed retention cycle.  The current ISO convenor for this effort is MR. Robert Blatt,US/ANSI Expert to ISO TC/171

Organizations storing digital content or ESI (Electronically Stored Information) as business records have increasing sought guidance on how to design, implement and manage information and content management systems in such a way as to guarantee the reliability, authenticity and integrity of the records contained within the system throughout their entire lifecycles.  In addition to the requirements of normal business purposes, the need to ensure the reliability of records has come from legal mandates in the form of statutes and regulations, as well as well as admissibility standards as relate to legal proceedings.

Standards making bodies such as ISO, ANSI and AIIM have developed the concept of a “trusted system” in order to provide clear and concise, vendor neutral requirements for information and content management systems used to manage content as reliable and legally admissible records. As defined by ISO 15801, a trusted system is “a system used to store electronic information in an accurate, reliable and usable / readable manner, ensuring integrity over time.” 
 
At a minimum, a trusted system stores at least one copy of the record on media that prevents unauthorized deletions and that is stored in a different location from the original content.  In particular, it meets the following criteria:
•	At least two copies of the ESI should be written to separate locations, with at least one copy written to an unalterable media
•	Controls must be put in place to ensure that ESI is accurately captured and retained until a policy-defined deletion point
•	Write and modify actions of ESI should only take place through the ECM maintaining retention controls
•	Every action, including read, write, and modify, should be auditable through a reporting interface

ISO 18759 addresses the requirements for storage subsystems as regards non-alterability, security and verification, and as are expressed in authoritative documents such as by ISO 15801, AIIM ARP 1 – 2009, and ANSI/AIIM 25-2012.  The title of the standard, “Trusted WORM Functionality” is meant to reflect the objective of the standard, which is to provide additional, comprehensive detail on the characteristics of storage subsystems that meet the non-alterability requirement.  It is not meant to suggest that compliant storage subsystems by themselves constitute or are sufficient for a system to be designated a trusted system.

This standard is motivated by the evolution of storage technologies.  The de facto paradigm for trusted storage has been optical media, which is “write once” by virtue of the nature of the media and the method of writing to it.  However, new non-optical storage subsystems have evolved that accomplish “write once” objectives through a combination of hardware and software controls.  Understanding what specific functionality is required of these systems to meet trusted system requirements is the primary motivation for this standard.
 
The ISO 15801 definition of a trusted system contains two elements. The first element is the requirement that any information retrieved from the system can at the time of the retrieval be proven to be accurate, reliable, complete and unspoiled as a record. The second element is that during the lifecycle of the system itself, it can be proven that the system continues to maintain the integrity of all its records in accord with their retention policies and will continue to do so into the future provided that its normal operating conditions are maintained.  These two elements of the definition of a trusted system correspond to distinct but interconnected legal requirements, such as those developed by courts as regards the admissibility of ESI as evidence into legal proceedings, and those developed by regulators as regards the obligations of both public and private organizations to maintain reliable and accurate records systems for purposes of accountability and transparency.   This standard for trusted storage environments addresses both these criteria and will therefore provide guidance to organizations seeking to meet diverse legal requirements and mandates as regards the production and management of their electronic records.