IEEE Security in Storage Working Group (SISWG)

Title: IEEE Security in Storage Working Group

Scope: The Security In Storage Working Group (SISWG) develops standards that address any aspect of security as it relates to data storage. The work of this group is of interest to storage developers, storage vendors, and storage system operators.

SISWG’s present and past work includes:

  • A family of standards on data sanitization: The IEEE 2883 family.
  • A family of standards on data encryption methods for storage components: The IEEE 1619 family.
  • A standard on Discovery, Authentication, and Authentication in Host Attachments of Storage Devices: The IEEE 1667 specification.

New Standards under Development:

P2883.2Recommended Practice for Virtualized and Cloud Storage Sanitization

This standard will provide recommendations to organizations in applying sanitization methods to virtualized and cloud storage systems. Recommendations  will primarily focus on mitigation of risk within constraints posed by feasibility, effectiveness, economics, and environmental consequences.

Status: SISWG has created a subgroup to develop P2883.2. The subgroup meets every other Tuesday via WebEx at 12:00 PDT.

P3406Standard for a Purge and Destruct Sanitization Framework

This standard will provide a framework of requirements for implementing the Purge and Destruct storage sanitization methods.

Status: The first draft for a ballot is under development.

Revisions under Development for Published Standards:

P2883Standard for Sanitizing Storage

The next revision of IEEE Std 2883™-2022 is under development.

P1667Standard for Discovery, Authentication, and Authorization in Host Attachments of Storage Devices (revision of IEEE Std 1667™-2018)

SISWG has accumulated a number of requests for changes to 1667. Most are editorial corrections; a few are technical changes, such as specifying the effects of PCIe resets in multi-port devices.

Input is solicited from any users of IEEE Std 1667.

Published Standards:

IEEE Std 1619™-2025 – IEEE Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices

This new version reduces the allowed key space, i.e., the number of bytes of data that can be encrypted with one key. In previous version, the key space was so large as to increase the chances of a successful brute-force decryption attack in the large storage devices coming on the market.

IEEE Std 1619.1™-2018 – IEEE Standard for Authenticated Encryption with Length Expansion for Storage Devices

IEEE Std 1619.2™-2025 – IEEE Approved Draft Standard for Wide-Block Encryption for Shared Storage Media

This new version removes the XCB-AES encryption algorithm. XCB had been found to have security flaws.

IEEE Std 1667™-2018 – IEEE Standard for Discovery, Authentication, and Authorization in Host Attachments of Storage Devices

IEEE Std 2883™-2022 – IEEE Standard for Sanitizing Storage

IEEE Std 2883.1™-2025 – Recommended Practice for the Use of Storage Sanitization Methods

Meetings:

SISWG meets via WebEx every other Friday from 14:00 to 16:00 Pacific Time.

Membership:

SISWG is an individual membership working group. Members do not formally represent companies or other entities. To join, send an e-mail to the chair, who will send you instructions on how to become a member and how to join the e-mail reflector.