<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Recent changes to Standards Alignment</title><link>https://sourceforge.net/p/aad50/wiki/Standards%2520Alignment/</link><description>Recent changes to Standards Alignment</description><atom:link href="https://sourceforge.net/p/aad50/wiki/Standards%20Alignment/feed" rel="self"/><language>en</language><lastBuildDate>Sun, 05 Jul 2026 07:00:43 -0000</lastBuildDate><atom:link href="https://sourceforge.net/p/aad50/wiki/Standards%20Alignment/feed" rel="self" type="application/rss+xml"/><item><title>Standards Alignment modified by Yonas Abeselom</title><link>https://sourceforge.net/p/aad50/wiki/Standards%2520Alignment/</link><description>&lt;div class="markdown_content"&gt;&lt;h1 id="h-standards-alignment"&gt;Standards Alignment&lt;/h1&gt;
&lt;p&gt;AAD-50 is designed to meet or exceed the requirements of the following standards and specifications. This page documents how each standard maps to the AAD-50 protocol architecture.&lt;/p&gt;
&lt;hr/&gt;
&lt;h2 id="h-nist-sp-800-88-rev2-guidelines-for-media-sanitization"&gt;NIST SP 800-88 Rev.2 — Guidelines for Media Sanitization&lt;/h2&gt;
&lt;p&gt;Published by the National Institute of Standards and Technology. The current authoritative US government standard for media sanitization.&lt;/p&gt;
&lt;p&gt;NIST SP 800-88 Rev.2 defines three sanitization categories:&lt;/p&gt;
&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Category&lt;/th&gt;
&lt;th&gt;Definition&lt;/th&gt;
&lt;th&gt;AAD-50 Alignment&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Clear&lt;/td&gt;
&lt;td&gt;Logical techniques to sanitize data in user-addressable storage locations&lt;/td&gt;
&lt;td&gt;Not applicable — AAD-50 operates at firmware level&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Purge&lt;/td&gt;
&lt;td&gt;Physical or logical techniques that render Target Data recovery infeasible&lt;/td&gt;
&lt;td&gt;Yes — AAD-50 Phase B+C achieve Purge classification&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Destroy&lt;/td&gt;
&lt;td&gt;Physical destruction of the storage device&lt;/td&gt;
&lt;td&gt;Not applicable — AAD-50 is a software/firmware protocol&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;
&lt;p&gt;AAD-50 targets NIST SP 800-88 Rev.2 Purge classification through:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;NVMe Sanitize commands that reach all physical locations including over-provisioned zones, bad-block retirement pools, and wear-levelling reserves invisible to the host OS&lt;/li&gt;
&lt;li&gt;Per-cycle Log Page 0x81 hardware confirmation ensuring each cycle actually completed&lt;/li&gt;
&lt;li&gt;SHA-256 tamper-evident audit chain providing the documentation NIST requires for verified sanitization&lt;/li&gt;
&lt;li&gt;PDF Certificate of Destruction with operator name, drive serial number, and completion confirmation&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;Note: Formal NIST evaluation has not yet been conducted. Alignment is based on protocol design analysis against the Rev.2 specification published September 2025.&lt;/p&gt;
&lt;hr/&gt;
&lt;h2 id="h-nvme-base-specification-20-21-sanitize-command-set"&gt;NVMe Base Specification 2.0 / 2.1 — Sanitize Command Set&lt;/h2&gt;
&lt;p&gt;Published by NVM Express, Inc. The authoritative technical specification for NVMe Sanitize command behaviour.&lt;/p&gt;
&lt;p&gt;AAD-50 implements the NVMe Sanitize command set as follows:&lt;/p&gt;
&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;NVMe Feature&lt;/th&gt;
&lt;th&gt;AAD-50 Implementation&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Opcode 0x84&lt;/td&gt;
&lt;td&gt;Used for all sanitize cycles across all three phases&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;NSID = 0xFFFFFFFF&lt;/td&gt;
&lt;td&gt;Broadcast to entire drive subsystem — no partition exclusions&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;CDW10 = 0x02 (Overwrite)&lt;/td&gt;
&lt;td&gt;Phase B — 40 cycles of physical NAND cell overwrite&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;CDW10 = 0x01 (Block Erase)&lt;/td&gt;
&lt;td&gt;Phase C — 5 cycles of FTL index teardown&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;CDW10 = 0x04 (Crypto Erase)&lt;/td&gt;
&lt;td&gt;Phase A — 5 cycles of cryptographic key destruction&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Log Page 0x81 SSTAT polling&lt;/td&gt;
&lt;td&gt;Mandatory after every cycle — SSTAT = 0x1 required before advancing&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;SANICAP pre-flight check&lt;/td&gt;
&lt;td&gt;Verifies drive capability before dispatching any cycle&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;
&lt;p&gt;NVM Express initiated internal review of the AAD-50 specification in June 2026.&lt;/p&gt;
&lt;hr/&gt;
&lt;h2 id="h-isoiec-270402015-storage-security"&gt;ISO/IEC 27040:2015 — Storage Security&lt;/h2&gt;
&lt;p&gt;Published by the International Organization for Standardization. Provides guidance on storage security including data sanitization requirements.&lt;/p&gt;
&lt;p&gt;ISO/IEC 27040 requires chain-of-custody documentation for sanitization operations. AAD-50 addresses this through:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Per-cycle telemetry records capturing timestamp, action code, duration, completion status, and active passthrough tier&lt;/li&gt;
&lt;li&gt;SHA-256 hash computed over all 50 cycle records — tamper-evident proof of complete execution&lt;/li&gt;
&lt;li&gt;PDF Certificate of Destruction embedding the audit hash, operator identity, drive serial number, and cycle-by-cycle confirmation&lt;/li&gt;
&lt;li&gt;JSON audit log preserving the full structured record for downstream security auditors&lt;/li&gt;
&lt;/ul&gt;
&lt;hr/&gt;
&lt;h2 id="h-ieee-2883-2022-standard-for-sanitizing-storage"&gt;IEEE 2883-2022 — Standard for Sanitizing Storage&lt;/h2&gt;
&lt;p&gt;Published by the Institute of Electrical and Electronics Engineers. The current international standard specifically for storage device sanitization, superseding earlier guidance.&lt;/p&gt;
&lt;p&gt;IEEE 2883-2022 defines sanitization requirements for solid-state storage including NVMe devices. AAD-50 is designed to meet or exceed its requirements through firmware-level command execution and per-cycle hardware verification.&lt;/p&gt;
&lt;p&gt;Formal evaluation against IEEE 2883-2022 has not yet been conducted and represents a necessary step toward regulatory recognition. This is tracked as a roadmap item.&lt;/p&gt;
&lt;hr/&gt;
&lt;h2 id="h-nvm-express-sanitize-command-atascsi-predecessors"&gt;NVM Express Sanitize Command — ATA/SCSI Predecessors&lt;/h2&gt;
&lt;p&gt;The Wei et al. (USENIX FAST 2011) empirical study evaluated ATA SECURITY ERASE UNIT and ACS-2 SANITIZE BLOCK ERASE commands — the ATA/SCSI predecessors to NVMe Opcode 0x84. Their findings documented 3 of 12 drives failing to correctly execute the sanitize command they reported supporting.&lt;/p&gt;
&lt;p&gt;NVMe Sanitize (Opcode 0x84) improves on its ATA predecessors in two key ways:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;NSID=0xFFFFFFFF broadcasts to all physical blocks including over-provisioned regions — directly addressing the FTL coverage problem Wei et al. documented on ATA drives&lt;/li&gt;
&lt;li&gt;The Log Page 0x81 status reporting mechanism provides a standardised polling interface for completion verification&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;AAD-50 implements both improvements and adds the per-cycle polling enforcement that neither the ATA predecessors nor the standard nvme-cli tooling provided before PR &lt;span&gt;[#3438]&lt;/span&gt;.&lt;/p&gt;
&lt;hr/&gt;
&lt;h2 id="h-nvme-cli-v30-b1-official-linux-nvme-toolchain"&gt;nvme-cli v3.0-b.1 — Official Linux NVMe Toolchain&lt;/h2&gt;
&lt;p&gt;On June 16, 2026, PR &lt;span&gt;[#3438]&lt;/span&gt; — implementing --wait and --repeat N based on the verification architecture proposed in RFC &lt;span&gt;[#3415]&lt;/span&gt; — was merged into linux-nvme/nvme-cli master by Daniel Wagner, the primary maintainer.&lt;/p&gt;
&lt;p&gt;nvme-cli v3.0-b.1 explicitly lists PR &lt;span&gt;[#3438]&lt;/span&gt; in its official release changelog:&lt;/p&gt;
&lt;div class="codehilite"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;nvme: add support for sanitize wait option by @ikegami-t in #3438
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;p&gt;The verification architecture proposed by AAD-50 is now part of the official Linux NVMe toolchain and ships with virtually every Linux distribution on earth.&lt;/p&gt;
&lt;hr/&gt;
&lt;h2 id="h-summary-table"&gt;Summary Table&lt;/h2&gt;
&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Standard&lt;/th&gt;
&lt;th&gt;AAD-50 Alignment&lt;/th&gt;
&lt;th&gt;Formal Evaluation&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;NIST SP 800-88 Rev.2 Purge&lt;/td&gt;
&lt;td&gt;Yes — by design&lt;/td&gt;
&lt;td&gt;Not yet conducted&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;NVMe Base Specification 2.0&lt;/td&gt;
&lt;td&gt;Full implementation&lt;/td&gt;
&lt;td&gt;Confirmed via nvme-cli merge&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;ISO/IEC 27040:2015&lt;/td&gt;
&lt;td&gt;Yes — audit chain and chain of custody&lt;/td&gt;
&lt;td&gt;Not yet conducted&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;IEEE 2883-2022&lt;/td&gt;
&lt;td&gt;Yes — by design&lt;/td&gt;
&lt;td&gt;Not yet conducted&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;nvme-cli v3.0-b.1&lt;/td&gt;
&lt;td&gt;Core verification architecture merged&lt;/td&gt;
&lt;td&gt;Confirmed — commit 84078fa&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;
&lt;hr/&gt;
&lt;h2 id="h-further-reading"&gt;Further Reading&lt;/h2&gt;
&lt;ul&gt;
&lt;li&gt;&lt;a href="./How-It-Works"&gt;How It Works&lt;/a&gt; — the verification architecture explained&lt;/li&gt;
&lt;li&gt;&lt;a href="/p/aad50/wiki/FAQ/"&gt;FAQ&lt;/a&gt; — common questions including compliance questions&lt;/li&gt;
&lt;li&gt;&lt;a href="https://doi.org/10.5281/zenodo.20839417" rel="nofollow"&gt;Whitepaper (Zenodo DOI)&lt;/a&gt; — full technical specification with standards mapping&lt;/li&gt;
&lt;li&gt;&lt;a href="./Roadmap"&gt;Roadmap&lt;/a&gt; — planned formal evaluation steps&lt;/li&gt;
&lt;/ul&gt;
&lt;hr/&gt;
&lt;p&gt;&lt;em&gt;AAD-50 v1.1 - github.com/yonasabeselom/aad50&lt;/em&gt;&lt;br/&gt;
&lt;em&gt;Maintained by: Yonas Abeselom - yonas_abeselom@protonmail.com&lt;/em&gt;&lt;/p&gt;&lt;/div&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Yonas Abeselom</dc:creator><pubDate>Sun, 05 Jul 2026 07:00:43 -0000</pubDate><guid>https://sourceforge.netc5e859601935873858e625e68d6d9f6a4a8325fb</guid></item></channel></rss>