Intro to NIST 800-88: Data Destruction Best Practices

Posted by Frank Milia

Dec 5, 2013 8:24:00 PM

Attackers are targeting easier to access confidential information housed on company hard drives that are improperly disposed of.  One must have data destruction policies and procedures in place to ensure a data breach doesn’t occur. In the Guidelines for Media Sanitization (NIST Special Publication 800-88 Rev 1) best practices from the National Institute of Standards and Technology are clearly provided.

In this document three forms of compliant sanitization are defined: clear, purge, and destroy.

 

  • Clear: Overwriting storage space with non-sensitive data is one way to sanitize media. This method is not effective for media that is damaged or not rewriteable. The media type and size may also influence whether overwriting is a suitable sanitization method [SP 800-36].
  • Purge: Acceptable forms of purging include degaussing and executing the firmware Secure Erase command (for ATA drives only).  In degaussing a magnetic field is used to sanitize media. Degaussing is effective when working with damaged media, purging media with exceptionally large storage capacities, or for purging diskettes [SP 800-36].
  • Destroy:  Sanitization methods used to completely destroy media include Disintegration, Pulverization, Melting, and Incineration.  Destruction methods are typically outsourced to an organization capable of performing these tasks safely and effectively.  Pulverization is commonly referred to as Hard Drive Shredding in the IT asset disposal industry.  

 The NIST 800-88 document provides the below Media Sanitization Decision Matrix containing media-specific lists regarding the options of clear, purge, and destroy.  

Capture

 

Media that contains proprietary, confidential material, or is otherwise deemed to be a high risk must be given priority and the strictest controls and destruction methods should be employed.

 

Learn More And Download the 5 Most Important Tips from NIST 800-88

 

Download 5 Data Destruction Tips

 

ITAMG handles media sanitization in accordance with the National Institute of Standards & Technology (NIST) Special Publication Series 800-88. We can work with you to implement the most appropriate methods of disposal for your media and establish your secure and audit ready data destruction programs.

Topics: IT Asset Disposal, data security, data destruction, data sanitization, NIST 800-88

    

Follow ITAMG

ITAD Guidance

Stay informed on important IT asset management topics

We are developing and aggregating the top stories related to IT management, infosec, and computer hardware from the unique perspective of EOL experts.  

You will stay in touch with:

  • IT procurement trends and analysis
  • Data security methods and best practices
  • Compliance tools and updates

Subscribe to Email Updates

R2-2013_Logo.png

Visit our Main Site at: www.itamg.com