On-Site | Certified | Compliant
NIST 800-88 Hard Drive Destruction
Compliant with NIST Destruction and Reporting Guidelines.
NIST 800-88 Hard Drive Shredding
Compliance with NIST 800-88 hard drive destruction requirements consists of 1) define security level, 2) use NIST Decision Tree for destruction method, and 3) validatee and document. See NIST Certificate of Destruction. This process is called the “NIST Sanitization and Disposal Decision Flow”.
NIST 800-88 “also recommends that users consider using destruction devices listed on the National Security Agency (NSA) evaluated products list.
According to NIST 800-88 Guidelines for Media Sanitization, shredding hard drives is the most secure and compliant form of data destruction.
NIST 800-88 Data Destruction Reporting
A NIST 800-88 Certificate of Destruction requires linking the hard drive or SSD to the parent computer or server. Details include make, model, serial number, and type. Below is a sample Certificate of Destruction of ours.
Many businesses and organizations must now have a written Identity Theft Prevention Program per the Federal Trade Commission’s Red Flags Rule. Conforming to NIST 800-88 guidelines requires proper documentation of data destruction, more commonly known as a Certificate of Destruction. Ask us about the difference between our standard Certificate of Destruction and a NIST certificate!
E-Waste Security offers a NIST 800-88 Certificate of Destruction to help you comply with NIST 800-88 documentation requirements.
NIST 800-88 Media Sanitization Decision Tree
NIST 800-88 Data Destruction Decision
Compliance with NIST 800-88 data destruction requires organizations to make only two decisions. The first, and most important, decision is determining how critical the information is to the company, its employees, and its customers. The second is who will have access to the digital media after disposal.
Once those questions are answered, the NIST 800-88 decision tree states the method of digital media destruction.
Define Security Level
If the information became public, would it be detrimental or catastrophic to the company, employees, or customers?
In a practical sense, any loss of information would expose the company to fines, litigation costs, and reputational damage.
Control: Chain of Custody
Will the digital media leave your custody or control? Once a hard drive or SSD is given to a third party it is considered “out of your control”. It is irrelevant if the drive has been erased, wiped, or encrypted.
You and your organization are completely reliant on the vendor to protect the information.
Destruction Method
The NIST 800-88 data destruction decision tree is very clear; shred computer hard drives and SSDs before they leave your control.
According to NIST 800-88, shredding hard drives is the most secure and compliant form of data destruction
NIST 800-88: Hard Drive & SSD Destruction
Let us know if we can help with your project.