Clear, Purge, Destroy: NIST media sanitization 101

NIST SP 800-88 outlines how to responsibly destroy data and keep confidential information out of the wrong hands. Learn more about the NIST guidelines for media sanitization here.

Media sanitization is one of the key activities associated with assuring data confidentiality. Standards like NIST SP 800-88 can help guide an organization's sanitization strategy and keep data secure.

When an organization no longer has use for a piece of storage media, all data on that device must be erased or deleted with no chance of being recovered. This is data sanitization.

In 2014, NIST released the first update to its standard Special Publication 800-88: Guidelines for Media Sanitization. Originally released in 2006, SP 800-88 provides guidance on how to categorize data by confidentiality and then use that information to make practical decisions about sanitization. Those decisions vary by organization and industry. Guidance contained in the standard is used by both public and private sector organizations.

SP 800-88 specifies processes that help decide the sanitization techniques an organization should use based on several factors. A key factor to note with NIST guidance is that users and organizations should focus on the information that might have been stored on the media, rather than just the media itself. The document also includes guidelines and recommendations on methods for sanitizing different types of media, especially more current SSD technology.

This article offers a quick guide to Revision 1 of SP 800-88 and how to incorporate its guidance into a media sanitization strategy.

NIST Clear, Purge and Destroy

NIST defines media sanitization as "a process that renders access to target data on the media infeasible for a given level of effort." Common media sanitization methods include physical destruction, data erasure, data masking and cryptographic erasure.

NIST SP 800-88 Revision 1 describes three specific approaches for media sanitization: Clear, Purge and Destroy. They are intended to prevent data from being accidentally released, protecting confidentiality.

These three approaches use similar methods to the major media sanitization techniques listed previously.

NIST Clear

Most similar to the data erasure approach, Clear uses standard logical read/write commands to overwrite data with nonsensitive data on media such as floppy disks, HDDs, SCSI drives and flash media. With the Clear approach, storage devices can be reused, which reduces waste. However, data found in hidden or inaccessible areas cannot be overwritten.
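The limitation in the last sentence can be shown with a small model. The following is an added example, not part of the original article: `SimulatedDrive` and its remapping behavior are a constructed simplification of how a drive controller can retire a block, and the record written to it is sample data.

```python
# Constructed model of a drive: the host sees logical blocks (LBAs); the
# controller maps each LBA to a physical block and may retire a block to a
# spare, leaving the old physical copy unreachable by read/write commands.
BLOCK = 16

class SimulatedDrive:
    def __init__(self, n_logical, n_spare):
        self.physical = [bytes(BLOCK)] * (n_logical + n_spare)
        self.map = list(range(n_logical))          # LBA -> physical index
        self.spares = list(range(n_logical, n_logical + n_spare))

    def write(self, lba, data):
        self.physical[self.map[lba]] = data.ljust(BLOCK, b"\0")[:BLOCK]

    def read(self, lba):
        return self.physical[self.map[lba]]

    def remap(self, lba):
        """Controller retires a block: data moves to a spare, old copy stays."""
        new = self.spares.pop(0)
        self.physical[new] = self.physical[self.map[lba]]
        self.map[lba] = new

def clear(drive, pattern=b"\0"):
    """Clear: overwrite every host-addressable block with nonsensitive data."""
    for lba in range(len(drive.map)):
        drive.write(lba, pattern * BLOCK)

def verify_logical(drive, pattern=b"\0"):
    """Read back every LBA; True if only the overwrite pattern is visible."""
    return all(drive.read(lba) == pattern * BLOCK
               for lba in range(len(drive.map)))

def residual_physical(drive, pattern=b"\0"):
    """Laboratory-style view of all physical blocks, including retired ones."""
    return [i for i, blk in enumerate(drive.physical) if blk != pattern * BLOCK]

def demo():
    drive = SimulatedDrive(n_logical=4, n_spare=2)
    drive.write(2, b"ACCT-0000-SAMPLE")   # constructed sensitive record
    drive.remap(2)                         # block retired before sanitization
    clear(drive)
    return verify_logical(drive), residual_physical(drive)

if __name__ == "__main__":
    print(demo())
```

The logical read-back passes while one retired physical block still holds the record, which is the gap that Purge and Destroy are meant to close.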

NIST Purge

This approach is more powerful than Clear, as it uses both physical and logical techniques, such as overwriting, block erasure and cryptographic erase, to make data recovery infeasible even with state-of-the-art laboratory techniques. It can be used with the same media as with Clear, and the media can be reused.

NIST Destroy

The Destroy method prevents target data recovery by using physical destruction techniques, such as shredding, smelting, pulverizing and incinerating. It can be used for the same media types mentioned previously, and the media typically can no longer be used, resulting in waste.

Use NIST SP 800-88 to guide a sanitization strategy

According to NIST, an organization's data sanitization strategy should be based on several attributes:

  • Data categorization. All data within the organization should be categorized -- public, private, confidential or top secret, for example. This classification is a form of data management that aids the sanitization process and helps backup administrators better understand the data they are supposed to protect.
  • Media type. The nature of the storage medium on which the data is recorded should be assessed, since it helps decide the method of destruction. Major media types include magnetic tape, HDDs and SSDs.
  • Risk. A data sanitization strategy must assess the risks to confidentiality of the data. This links to data categorization and considers what might occur if the data were accidentally released. Confidential data at high risk, for example, might require a more powerful approach to sanitization, such as Destroy.
  • Future plans for storage media. The method of sanitization in use affects where sanitized storage media ends up. If an organization wants to prioritize recycling and reusing media to reduce waste, that must be considered when choosing the sanitization method.

Understanding these factors can provide a decision process flow to help users and organizations make decisions regarding sanitization. NIST provides a workflow diagram in the standard that can help users decide the sanitization approach needed to achieve the required level of sanitization. The diagram considers data confidentiality, as well as the medium type.
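The decision flow can be expressed as a short function. This is an added example, not code from the article or from NIST: it follows the Figure 4-1 flow of SP 800-88 Rev. 1, which keys on a low, moderate or high security categorization, whether the media will be reused and whether it leaves the organization's control. The `Media` fields, the record layout and the inventory are assumptions made for illustration.

```python
from dataclasses import dataclass

MAGNETIC = {"hdd", "floppy", "tape"}  # media the article lists as degaussable

@dataclass
class Media:
    asset_id: str             # constructed identifier
    media_type: str           # e.g. "hdd", "ssd", "tape"
    categorization: str       # "low", "moderate" or "high"
    reuse: bool               # will the media be reused?
    leaving_org_control: bool

def decide(m: Media) -> str:
    """Return Clear, Purge or Destroy following the Figure 4-1 decision flow."""
    if m.categorization not in ("low", "moderate", "high"):
        raise ValueError(f"{m.asset_id}: categorize the data before sanitizing")
    if m.categorization == "low":
        return "Purge" if m.leaving_org_control else "Clear"
    if not m.reuse:
        return "Destroy"
    if m.categorization == "moderate":
        return "Purge" if m.leaving_org_control else "Clear"
    return "Destroy" if m.leaving_org_control else "Purge"

def disposition_record(m: Media, operator: str) -> dict:
    """Draft the Section 4.8 record; 'verified' is set after Section 4.7 checks."""
    method = decide(m)
    return {
        "asset_id": m.asset_id,
        "media_type": m.media_type,
        "method": method,
        # Per the article, degaussing works on magnetic media but not flash.
        "degauss_effective": method != "Clear" and m.media_type in MAGNETIC,
        "performed_by": operator,
        "verified": False,
    }

INVENTORY = [  # constructed sample inventory
    Media("HDD-001", "hdd", "low", True, False),
    Media("SSD-002", "ssd", "moderate", True, True),
    Media("SSD-003", "ssd", "high", True, True),
    Media("TAPE-004", "tape", "high", False, False),
]

if __name__ == "__main__":
    for item in INVENTORY:
        print(disposition_record(item, operator="j.doe"))
```

Note that `SSD-003` comes out as Destroy even though reuse was requested: high-categorization media leaving organizational control cannot be reused under this flow.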

Section 4 of the standard, Information Sanitization and Disposition Decision Making, provides a concise approach to creating a sanitization strategy.

Among the areas examined are the following, by section.

| Section | Name | Description |
| --- | --- | --- |
| 4.2 | Determination of Security Categorization | Discusses categorizing data as private, public, confidential, secret, etc. |
| 4.3 | Reuse of Media | Discusses whether media should be reused or recycled. |
| 4.4 | Control of Media | Lists criteria on who has control of the media to be sanitized. |
| 4.5 | Data Protection Level | Examines how important the data is in the context of how it is used and who uses it. |
| 4.6 | Sanitization and Disposal Decision | Provides guidance on deciding which sanitization method should be used. |
| 4.7 | Verify Methods | Provides guidance on how to verify that the media has been successfully sanitized. |
| 4.7.1 | Verification of Equipment | Considers the sanitization approach and technology to be used. |
| 4.7.2 | Verification of Personnel Competencies | Considers the experience of personnel assigned to sanitization. |
| 4.7.3 | Verification of Sanitization Results | Provides guidance on how to verify that the media has been properly sanitized. |
| 4.8 | Documentation | Recommends obtaining a certificate of media disposition that provides details on the media sanitized, how the process was done, who performed the sanitization and other details. |

Changes made in Revision 1

Acknowledging the changes in data storage technology, in 2014, NIST updated SP 800-88 guidelines to reflect a rethinking of media sanitization techniques. For example, degaussing can be an effective way to destroy or purge HDDs, floppy disks and magnetic tapes but not flash-based storage devices, such as SSDs.

The updated standard also includes several useful appendixes that provide details on how to sanitize a variety of storage devices and mobile phones; tools and resources with guidance on additional media standards; guidelines on cryptographic erasing; a glossary; and a bibliography of sources.

Paul Kirvan, FBCI, CISA, is an independent consultant and technical writer with more than 35 years of experience in business continuity, disaster recovery, resilience, cybersecurity, GRC, telecom and technical writing.
