We are going through a PCI audit and they are asking us to ensure that when we delete any file that contains Card Holder Data (CC Number, Name, Exp Date, etc.) it is deleted in such a way that the operating system or a utility cannot recover it - basically we need to delete the file and have it overwritten multiple times on our AS/400. This would be like the SRM (Secure Remove) in UNIX, Shred in Linux, and PGPShred in Windows.
How could I accomplish this on our AS/400 - both in a standard library and on the IFS?
Here is the PCI-DSS 2.0 section that we are trying to comply with:
9.10.2 Render cardholder data on electronic media unrecoverable so that cardholder data cannot be reconstructed.
Verify that cardholder data on electronic media is rendered unrecoverable via a secure wipe program in accordance with industry-accepted standards for secure deletion, or otherwise physically destroying the media (for example, degaussing).