Several standards exist for secure data/media sanitization, but the most commonly cited standards are NIST SP 800-88.
Published by the National Institute of Standards and Technology (NIST), SP 800-88 defines processes for destroying data on hard disk drives (HDDs) and other forms of electronic media. The standard was published in 2006, then updated in December 2014 to reflect changes in media storage technologies.
What Does NIST SP 800-88 recommend for media sanitization?
NIST SP 800-88 defines three ways to sanitize media (and data):
- Clear the data by using software (or hardware) to overwrite data with simple read and write commands.
- Purge the data by using software to execute specific sanitization methods.
- Destroy the media through degaussing or by physically destroying the storage areas of the device/disk.
Below, we’ll provide an overview of each method and its NIST SP 800-88 Rev. 1 requirements. The full NIST standards can be found on the institute’s website.
Clearing Data to Meet NIST SP 800-88
Clearing data is the least secure method outlined in NIST SP 800-88, and is only intended to protect data from basic recovery techniques. For example, resetting a device to its factory state would qualify as “clearing” data under NIST SP 800-88.
Simple read-and-write commands should only be used when data security is not a crucial concern (or, in the NIST’s language, “if information disclosure would have no impact on organizational mission, would not result in damage to organizational assets, and would not result in financial loss or harm to any individuals”).
This is because Clear sanitization methods can usually be bypassed through standard data recovery efforts. For example, recovering data from a formatted hard drive can be accomplished relatively easily — Clear techniques should only be used when the device will remain under organizational control.
Purging Data to Meet NIST SP 800-88
Purge techniques typically fall into several categories:
- Overwriting the target data/device.
- Utilizing block erase methods.
- Utilizing cryptographic erase methods.
- Destroying the device (see below), which also renders the data “purged.”
For overwrites on magnetic media and flash memory devices, NIST SP 800-88 requires at least a single write pass with a fixed data value (for example, all zeros). Multiple write passes are recommended when information disclosure would be a medium or high concern.
For flash media, data may be purged through a block erase. NIST SP 800-88 recommends writing binary 1s across the user addressable area of the storage media, then performing a second block erase.
Cryptographic erasure methods are more secure, and should be combined with block erasure or traditional overwrites for optimal security.
Destroying Media to Meet NIST SP 800-88
Destroy methods, by nature, also “purge” the target data. However, destroying media renders it unusable — as such, Destroy methods are typically used when the media is leaving the organization.
Destroy methods vary by media type:
- Hard drives that do not have a flash storage component may be degaussed. Degaussing requires specialized equipment, and the media must be inspected after degaussing to ensure that data is completely destroyed. Improper positioning may prevent degaussing from destroying all user-addressable data; the platters may also be removed and purged with a degaussing wand.
- Degaussing is not recommended for SCSI hard drives. Because flash media does not store data magnetically, degaussing is ineffective for flash media.
- Hard drives, flash media, and optical media may be shredded, pulverized, or incinerated. As we’ve discussed in other blogs, incineration is not ideal for hard drive destruction — the process must be carried out at extremely high temperatures to destroy all data, and incineration is not environmentally friendly.
NIST SP 800-88 Compliance: Choosing a Data Sanitization Method
NIST SP 800-88 is a straightforward document with specific standards for different types of data storage media. However, at scale, organizations often encounter challenges when complying with the guidelines.
For example, degaussing hard drives — while reliable — requires knowledge and time. The destruction must be verified to ensure compliance, and to comply with other laws, workers may need to keep detailed documentation of the process.
Datarecovery.com recommends working with an experienced partner when carrying out at-scale media sanitization. Our experts can maintain chain of custody reports while following NIST SP 800-88 requirements, reducing the cost of a media migration or sanitization project — and ensuring worry-free compliance with relevant standards and security/privacy laws.
To learn more, submit a case online or call 1-800-237-4200 to speak with an expert.
