Integrity

DEFINITION

A key capability in ISO 14721 conforming digital repositories is ensuring the integrity of the records in its custody, which involves two related preservation actions. The first action generates a cryptographic hash algorithm which serves as a digital fingerprint to address a vulnerability to accidental or intentional alternations to electronic records that occur during device/media renewal and internal data transfers. The second action involves integrity fixity that supports an unbroken electronic chain of custody captured in Preservation Description Information (PDI) in AIPs.

The digital repository has no documented procedure for integrity protection of permanent electronic records in its custody.

Move Up to Level 1:

Develop a procedure for generating and preserving MD-5 hash values before and after preservation actions, including device/media renewal, transfer, and migration. Hash digests are generated for permanent electronic records held by the Archives.

The digital repository generates and preserves MD-5 hash digests before and after device/media renewal and other archival storage preservation actions.

Move Up to Level 2:

Develop a procedure for generating and preserving SHA-1 hash values before and after device/media renewal and other internal preservation actions for partially conforming AIPs. Hash digests are generated for all inbound permanent electronic government records accessioned by the Archives into its digital repository.

The digital repository generates SHA-1 hash digests before and after device/media renewal and other internal preservation actions for partially conforming ISO 14721 AIPs.

Move Up to Level 3:

Develop a procedure for generating and preserving SHA-2 hash values before and after device/media renewal and other preservation actions. Hash digests are stored in the Preservation Description Information (PDI) of the partially conforming AIP.

The digital repository generates SHA-2 hash digests before and after device/media renewal and other internal preservation actions for all fully conforming ISO 14721 AIPs and stores them in the Preservation Description Information (PDI) of the AIPs.

Move Up to Level 4:

The Archives encapsulates fully conforming AIPs in XML and signs them with digital signatures to support an unbroken chain of custody in the digital repository. Integrity protection procedures are monitored as new tools and approaches become available for review.

The digital repository encapsulates fully conforming ISO 14721 AIPs in XML and signs them with a digital signature. Integrity protection procedures are continuously evaluated and updated as new tools and approaches become available.

Sustain Level 4:

The Archives and its IT partners routinely monitor and evaluate the efficacy of integrity protections on the permanent electronic government records collections to make updates and changes as necessary.

HELPFUL HINTS

Specific procedures for generating and preserving hash algorithms will depend on many factors including individual workflows, storage environments, and the quantity of discrete files or data. Integrity protection requires on-going communication and coordination with storage management providers. Calculated hash values should be kept alongside the materials for which they reference or in a reference file. Hash values should be kept for as long as needed to verify that a file hasn't changed.

Since cryptographic hash digests are subject to corruption and obsolescence, the Archives should have a plan to migrate its hash digests every few years. Keep in mind that new, more secure hashes are likely to have larger outputs (e.g., 256 bits for SHA-2 vs. 160 bits for SHA-1) and be more computationally expensive.

REMINDER

The CoSA Digital Preservation Capability self-assessment and Level Up Roadmap are based on the DPCMM so there is an assumption that archival institutions seeking to establish trusted digital repositories for permanent electronic government records will conform their operations to the specifications of ISO 14721 and ISO 16363, the de facto standards for the global digital preservation community.

DPC Components

Preservica
National Archives