NIST 800-88 Hard Drive Destruction
The National Institute of Standards and Technology (NIST) has developed Guidelines for Media Sanitization- NIST 800-88. This document assists in implementing a media sanitization program with proper procedures, techniques and disposal decisions based on the relative confidentiality of information or data.
The Internal Revenue Service’s IRS Publication 1075 Media Sanitization Guidelines’ follows the guidance set forth in NIST SP 800-88 for media sanitization and destruction. Bottom line is that hard drive shredding is the most secure form of digital media destruction and sanitization.
NIST 800-88 describes three methods for sanitizing hard disk drives, 1) erasing, 2) degaussing and 3) shredding. NIST 800-88 considers physically shredding hard drives the most secure form of data destruction and should be used for all levels of confidential information.
NIST 800-88 Documentation
The National Institute of Standards and Technology (NIST) has developed Guidelines for Media Sanitization – NIST 800-88. This document assists organizations in implementing a media sanitization program consistent with the security level of the information or data to be destroyed.
Conforming with NIST 800-88 Media Sanitization requires more than simply shredding or erasing hard drives. Proper reporting is required under NIST 800-88. The following document is only a portion of the guidelines set forth by the National Institute of Standards and Technology. We have worked with the Jet Propulsion Laboratory to destroy digital media for NASA in accordance with NIST 800-88.
NIST 800-88 states that disk drives containing high security information should be shredded when leaving our custody. All of the information on our system is high security – so we shred.
IRS Publication 1075 Media Sanitization Requirements
E-Waste Security of Hard Drive Shredding
IRS Publication 1075 clarifies the implementation of electronic media sanitization. In general, IRS 1075 follows the guidelines set forth in NIST SP 800-88, Guidelines for Media Sanitization.
The IRS policy provides specific guidance on techniques that should be used for Federal Tax Information (FTI) by clearing, purging and destroying the FTI based on the type of media housing the FTI. Verifying the selected information sanitization and disposal process is an essential step in maintaining confidentiality. Generally, destruction should be witnessed by an agency employee.
The decision to erase or physically destroy hard drives should be based on your organization’s policies and procedures governing data security and destruction. Many business and organizations are now required to have a written Identity Theft Prevention Program per the Federal Trade Commission’s Red Flags Rule.
E-Waste Security has provided NIST 800-88 hard drive destruction services to governmental agencies such as the Jet Propulsion Laboratory and NASA as well as Fortune 100 corporations.
If your data destruction project needs to comply with NIST 800-88, HIPAA, HITECH, GLBA and FACTA we can help.