HMG Infosec Standard 5 - help


New Member
Hi all

Have been using Eraser for a time now - currently have 5.8.7 running on a couple of systems.

I am wanting to ascertain if I can use this software to support / implement the HMG Infosec Standard 5, baseline or enhanced. I searched and found a couple of references from a poster named David, but when I go to the options I don't have an option for that standard.

How can I get this wokring?

v5 doesn't have the standard defined, v6 does. You can however take the definition of the standard and implement it in v5 as a custom erasure method.
Joel said:
v5 doesn't have the standard defined, v6 does
... and I'm using v6.

My main reason for using the Infosec 5 (Enhanced) standard - apart from probably misplaced patriotism - is that it is pretty close to the 3 pass erase I was using on Eraser 5.x. Of course, if a particular standard is required for compliance reasons, that is a different matter.


In terms of compliance I don't think Eraser is certified in any way? I was looking for CESG compliance on, not sure where or what I should be looking at now to become 'compliant'
David I think you'll need to help me over here, it's obviously some standard there I'm not aware of...
CESG is the British government's lead on Information Security. It is part of GCHQ, which in turn is part of the Intelligence Community. Essentially it advises and provides assurance on Infosec to government and public sector clients; it does certify products but I think that these are complete security systems rather than individual software applications such as Eraser. CESG has a website, where there is more detail.

If someone needs to be compliant with CESG advice, that is something to consult on in the (presumably government) workplace; it is not something a forum like this can get involved in. Although I have come across the Infosec Standards at various times, I do not know how they are established or maintained. But I am sure that, for CESG, they are just some of the wide range of elements which make up an Infosec system. All Eraser does is implement part of a method associated with a published Infosec standard.

There is a useful Wikipedia article on secure erasing which provides some background.

Hope this helps.

Hi David,

As you said " Although I have come across the Infosec Standards at various times, I do not know how they are established or maintained." Currently, I can not find document for Infosec Standard No.5, but document for Infosec Standard No.1,2 and 6.

Could you give me the doc for Infosec No.5?
I appreciate your help and thank you so much.