What is NIST 800-88? All you need to know!
Table of Contents
- What is Media Sanitization?
- What is Media Destruction?
- What is NIST 800-88?
- Who is required to be NIST compliant?
- What Does Clear, Purge and Destroy Mean?
- What is the most Secure Data Destruction Method Available Today?
- How can Organizations get in touch with AIT for their data destruction needs?
- NIST 800-88 Questions
- 2023 saw a 78% increase in data breaches, reaching a record high of 3,205 for the year. (Identity Theft Resource Center, 2023)
- Data destruction is integral to protecting your data when recycling your electronics.
- NIST 800-88 is one of the main media sanitization guidelines to follow for destroying data.
- Find out what NIST means by Clear, Purge and Destroy as well as how secure each method is.
- Review which devices may contain data and how you can get started with destroying your sensitive data today!
What is Media Sanitization?
Media sanitization refers to all methods of irreversibly removing or destroying data from your data storage device.
Data storage devices can include hard drives (HDs,) solid-state drives (SSDs,) floppy discs, CDs, tapes and more. Media sanitization is a critical step for organizations looking to create an airtight plan for secure handling and sanitization of your team’s data storage devices.
What is Media Destruction?
Media destruction refers to the complete physical destruction of data storage devices. Destruction is usually performed after other data sanitization steps as an extra layer of security.
Some industries may require heightened levels of security when it comes to data storage devices. At AIT, we offer a variety of different data sanitization and destruction methods in order to make sure that your data is completely irretrievable and that your organization’s data is never compromised.
What is NIST 800-88?
NIST 800-88 guidelines are data sanitization guidelines put in place by the National Institute of Standards and Technology. These guidelines have been widely recognized and utilized by a variety of industries and governments as the gold standard for data destruction.
NIST guidelines use three methods of data sanitization: Clear, Purge and Destroy.
Who is required to be NIST compliant?
Any government agencies, contractors or subcontractors who handle government data are required to comply with NIST guidelines. However, these guidelines are highly suggested for any organization with private or sensitive information! With data breaches on the rise, it is integral to destroy your data prior to recycling of electronic devices.
Department of Defense DoD 5220.22-M
The DoD 5220.22-M standard, set in place by the U.S. Department of Defense, had been the main security standard for years.
However, NIST has since surpassed the security requirements of the DoD since the DoD didn’t take into consideration how to erase data from chip-based data storage devices such as solid-state drives (SSDs.)
What Does Clear, Purge and Destroy Mean?
Clear, purge and destroy are all methods of media sanitization. Each method is a step towards stronger security, chosen based on how sensitive the data is as well as requirements for your industry. We aim to make getting to your data virtually impossible.
NIST Clear
Clearing is like a basic cleanup; it clears all the easily accessible areas on your storage device with non-sensitive data. In practice, clearing involves resetting devices to factory settings or overwriting the media. However, this is not a secure enough method for any organization as data may still be retrievable once cleared.
Eligible Devices for NIST Clear |
|---|
| Routers and Switches |
| Mobile Devices |
| Office Equipment including laptops, desktops, PCs, printers, phones and scanners |
| Magnetic Media (Hard Disc Drives, Floppy Discs, Reels/Cassettes, ATA Hard Disk Drives like PATA, SATA and eSATA) |
| External storage such as external hard drives, USBs and Firewires |
| Optical Media (CDs, DVDs, BD) |
| Flash Memory-Based Storage Devices such as Solid-State Drives (SSDs) |
| Memory Cards |
| RAM and ROM-Based Storage Devices like DRAM, EAPROM and PROM |
NIST Purge
Purging steps data sanitization up a notch. It’s like a deep clean for your data, overwriting or erasing the data on your storage device in randomized blocks. While purging is more secure that just factory resetting a device, it is not the most secure data destruction method possible. Portions of data may still be recoverable with this method, which is why most organizations opt for destruction.
Eligible Devices for NIST Purge |
|---|
| Mobile Devices |
| Office Equipment: Degaussing of the internal data storage device |
| Magnetic Media (Hard Disc Drives, Floppy Discs, Reels/Cassettes, ATA Hard Disk Drives like PATA, SATA and eSATA) |
| Optical Media (CDs, DVDs, BD) |
| Solid-State Drives (SSDs) |
NIST Destroy
Destruction is the ultimate guarantee for your data security. It’s not just about cleaning or overwriting; it’s about obliterating the storage media itself. This is the go-to method when data is ultra-sensitive or if the device can’t be used again. It’s the equivalent of grinding a document into dust—there’s simply nothing left to recover.
Eligible Devices for NIST Destroy |
|---|
| Routers and Switches |
| Mobile Devices |
| Office Equipment including laptops, desktops, PCs, printers, phones and scanners |
| Magnetic Media (Hard Disc Drives, Floppy Discs, Reels/Cassettes, ATA Hard Disk Drives like PATA, SATA and eSATA) |
| External storage such as external hard drives, USBs and Firewires |
| Optical Media (CDs, DVDs, BD) |
| Flash Memory-Based Storage Devices such as Solid-State Drives (SSDs) |
| Memory Cards |
| RAM and ROM-Based Storage Devices like DRAM, EAPROM and PROM |
What is the most Secure Data Destruction Method Available Today?
Physically destroying your data storage devices is by far the most secure method of data destruction. Shredding data storage devices meets and exceeds both DoD 5220.22-M and NIST 800-88 data sanitization guidelines.
How can Organizations get in touch with AIT for their data destruction needs?
Just click the button below to get started! Simply let us know the amount of e-waste you have and where.
We will get back to you swiftly with a solution tailor-made for you!
NIST 800-88 Questions
Which devices may contain data?
Many devices nowadays may contain data. Some of these include: Computers, Laptops, Routers, Mobile Devices, Smart TVs, Smartwatches, Lab or Medical Equipment and more. If you’re not sure if your devices contain data, AIT can assist you by assessing any devices that you are concerned about.
Degaussing is a data sanitization method in which a powerful magnetic force is used to eliminate data physically from the platters. The magnet neutralizes the magnetic particles, permanently erasing the data.
AIT offers degaussing, destruction (shredding,) and additional asset tracking options for sensitive data. We can also provide on-site data destruction services if required.
How long will data sanitization and destruction take?
The amount of time that it takes to sanitize your data may vary depending on the amount of e-waste recycled. We can always provide you with an estimated time for completion if the data sanitization is time-sensitive.
