NIST 800-88 Certificate of Destruction
The details and requirements necessary for a NIST COD
Destruction Process | Reporting Requirements | Compliance
NIST 800-88 Compliant Certificate of Destruction
A NIST 800-88 Certificate of Destruction must include the hard drive make, model, serial number, type, and the parent computer’s serial number.
Our standard Certificate of Destruction contains most of the information most clients require. Let us know if you need additional NIST details.
Destroying hard drives “in compliance with NIST” requires specific reporting details. This means that your COD must detail all hard drive information, identify the computer from which the hard drive came, and describe how the hard drive was destroyed.
Document from NIST 800-88 Sanitization Guidelines.
E-Waste Security NIST 800 Report
NIST 800-88 Background
The National Institute of Standards and Technology (NIST) has developed Guidelines for Media Sanitization – NIST 800-88. This document assists organizations in implementing a media sanitization program consistent with the security level of the information to be destroyed.
The NIST 800-88 “Guidelines for Media Sanitization” paper includes a sample Certificate of Destruction and a list of requirements. The main sections of the certificate include the person performing the sanitization, media information, sanitization details, media destination, and destruction verification. NIST 800-88 compliance, among other things, the make and model of the hard drive and the source computer. There needs to be a documented link from the hard drive being destroyed to the laptop and user.
The following document is only a portion of the guidelines the National Institute of Standards and Technology set forth. We have worked with the Jet Propulsion Laboratory to destroy digital media for NASA by NIST 800-88. See our process for digital media destruction.
Ask us about a NIST Certificate of Destruction
NIST 800-88 Data Destruction Required Documentation
NIST 800-88 compliance goes beyond our standard Certificate of Destruction. Compliance requires additional reporting and documentation. The often-overlooked reporting requirement is linking the hard drive to the parent computer. This link is called the parent-child relationship.
Chapter 4.8 of the NIST 800-88 Guidelines for Media Sanitization details the documentation requirements. The Certificate of Sanitization, shown below, is an excellent example of how the report may look.