2 weeks ago
Hello,
We are selling our old MacBooks and I have a dilemma. We just got our ISO 27001 cert last year and to keep it we would need to securely wipe and have a record of said wipe before we sell the MacBooks. My question is: is the remote "wipe computer" command going to completely wipe the device and make the data unrecoverable (making it ISO 27001 compliant), and is Jamf Pro keeping a record of these wipes somewhere where I can get back to them in case of an audit?
Thank you
2 weeks ago - last edited 2 weeks ago
Providing you have FileVault enabled, and you use the Erase All Content and Settings command from the MDM or from within macOS, then yes, you have sufficiently sanitized data to be compliant with NIST standards for data destruction. If FileVault is enabled and you erase the device, it is cryptographic erasure.
However, don’t trust some internet rando to answer questions like this. Open a case with Apple, and have them provide you their certifications and how to accomplish cryptographic erasure; get your information directly from Apple officially. Also open a case with your recycler and have them provide you their certifications.
Jamf Pro does not hold any records you could use for reporting like this. You or your Field Services (whoever handles device disposal) team AND your recycler should be verifying independently that each device has been sanitized and certifying each device individually. This is deep audit stuff; don’t take shortcuts and don’t be lazy.
https://csrc.nist.gov/pubs/sp/800/88/r1/final
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf
https://support.apple.com/en-gu/guide/deployment/dep0a819891e/web#:~:text=If%20you%27re%20an%20admin.... - Specifically read this article.
https://support.apple.com/en-gu/guide/mac-help/mh11785/mac
https://support.apple.com/en-gu/guide/disk-utility/dskutl14079/mac
2 weeks ago
Excellent advice! Yeah @atacaciu I would definitely go with this, especially since it seems like you would need a more detailed and official proof of compliance than the one I gave as an example in my initial response a few moments ago!
2 weeks ago
Good question. It's not a command I use very often. Most of the time I wipe computers individually, though it is easier to do it through Jamf. I've had situations in the past where I used the "wipe computer" command and it completely wiped it to the point where the OS was practically removed and I had to reinstall using a bootable drive. I've also had a few instances (yesterday for example) where I've wiped the computer but it simply set it back to a factory default state. I would test it on one of them and see what would happen.
As far as a record in Jamf, the only place where I see a record of Jamf reporting that it was wiped (using the computer I wiped yesterday with the "wipe computer" as an example), is in the History tab when you look in the Management History section. I'm not sure if this is the kind of record that you're looking for but I've included a screenshot so you can see what it looks like for me. Plus, as long as you don't delete the computer record in Jamf, you should always have this computer to refer back to. We even still have some old records of computers that we've released from Apple School Manager accessible in Jamf. Hope this helps!
Wednesday
We have the following tool in a new test project; we will see how it works in our environment: