NIST 800-88 Certificate of Destruction

E-Waste Security NIST 800 Report

NIST 800-88 Background

The National Institute of Standards and Technology (NIST) has developed Guidelines for Media Sanitization – NIST 800-88.  This document assists organizations in implementing a media sanitization program consistent with the security level of the information to be destroyed.

The NIST 800-88 “Guidelines for Media Sanitization” paper includes a sample Certificate of Destruction and a list of requirements.  The main sections of the certificate include the person performing the sanitization, media information, sanitization details, media destination, and destruction verification.  NIST 800-88 compliance, among other things, the make and model of the hard drive and the source computer.  There needs to be a documented link from the hard drive being destroyed to the laptop and user.

The following document is only a portion of the guidelines the National Institute of Standards and Technology set forth.  We have worked with the Jet Propulsion Laboratory to destroy digital media for NASA by NIST 800-88.  See our process for digital media destruction.

NIST 800-88 Data Destruction Required Documentation

NIST 800-88 compliance goes beyond our standard Certificate of Destruction.  Compliance requires additional reporting and documentation.  The often-overlooked reporting requirement is linking the hard drive to the parent computer.  This link is called the parent-child relationship.

Chapter 4.8 of the NIST 800-88 Guidelines for Media Sanitization details the documentation requirements.  The Certificate of Sanitization, shown below, is an excellent example of how the report may look.