Understanding NIST 800-88 Data Destruction Standards

What is NIST 800-88?

NIST Special Publication 800-88 Rev. 1, "Guidelines for Media Sanitization," provides guidance for organizations to sanitize media that has been used for data storage. It's the most widely accepted standard for data destruction in the United States.

Three Levels of Sanitization

Clear

Applies logical techniques to sanitize data in user-addressable storage locations. Typically involves overwriting with zeros or a fixed pattern. Sufficient for most general-purpose media being reused within the organization.

Purge

Applies physical or logical techniques that render target data recovery infeasible using state-of-the-art laboratory techniques. Includes cryptographic erase, block erase, and degaussing.

Destroy

Renders target data recovery infeasible using state-of-the-art laboratory techniques and results in the inability to use the media for storage. Includes incineration, shredding, and disintegration.

Choosing the Right Method

The appropriate sanitization method depends on the security categorization of the data, the type of media, and the planned disposition of the media. High-security environments (government, healthcare, financial) typically require Purge or Destroy level sanitization.