Attackers are targeting easier to access confidential information housed on company hard drives that are improperly disposed of. One must have data destruction policies and procedures in place to ensure a data breach doesn’t occur. In the Guidelines for Media Sanitization (NIST Special Publication 800-88 Rev 1) best practices from the National Institute of Standards and Technology are clearly provided.
In this document three forms of compliant sanitization are defined: clear, purge, and destroy.
- Clear: Overwriting storage space with non-sensitive data is one way to sanitize media. This method is not effective for media that is damaged or not rewriteable. The media type and size may also influence whether overwriting is a suitable sanitization method [SP 800-36].
- Purge: Acceptable forms of purging include degaussing and executing the firmware Secure Erase command (for ATA drives only). In degaussing a magnetic field is used to sanitize media. Degaussing is effective when working with damaged media, purging media with exceptionally large storage capacities, or for purging diskettes [SP 800-36].
- Destroy: Sanitization methods used to completely destroy media include Disintegration, Pulverization, Melting, and Incineration. Destruction methods are typically outsourced to an organization capable of performing these tasks safely and effectively. Pulverization is commonly referred to as Hard Drive Shredding in the IT asset disposal industry.
The NIST 800-88 document provides the below Media Sanitization Decision Matrix containing media-specific lists regarding the options of clear, purge, and destroy.
Media that contains proprietary, confidential material, or is otherwise deemed to be a high risk must be given priority and the strictest controls and destruction methods should be employed.
Learn More And Download the 5 Most Important Tips from NIST 800-88
ITAMG handles media sanitization in accordance with the National Institute of Standards & Technology (NIST) Special Publication Series 800-88. We can work with you to implement the most appropriate methods of disposal for your media and establish your secure and audit ready data destruction programs.