Hard Drive Destruction
Contact Us

NIST 800-88 Data Destruction

U.S. Dept. of Commerce Standards

NIST 800-88 Hard Drive Destruction Compliance

The National Institute of Standards and Technology (NIST) has developed Guidelines for Media Sanitization.  The NIST 800-88 publication is intended to assist organizations and IT system managers in making practical data destruction decisions based on the relative categorization and confidentiality of their information or data.

According to NIST 800-88, shredding hard drives is the most secure and compliant form of data destruction.  National Security Agency (NSA) contractors should refer to the stricter NSA/CSS hard drive destruction requirements.

E-Waste Security provides a NIST 800-88 Certificate of Destruction to help you comply with NIST 800-88 documentation requirements.

NIST 800-88 data destruction

NIST 800-88 Data Destruction Decision Method

 

The following flowchart summarizes the NIST 800-88 Sanitization and Disposition Decision Flow Chart.  Customer, employee, financial and health records are considered “High” security information.

 

s

Security levels

The recommended method (shred, degauss or erase) used for destroying hard drives is based on the “security level” of the information to be disposed of.  When the “security level” of information elevates, so does the required method of destruction.  To stay in compliance, it is critical to accurately classify the information in your custody.

Classification

NIST 800-88 guidelines classifies information as either low, medium or high security level.  However, NIST has not defined what the type of information belongs in each category.  This omission has left the burden on you.

Destruction Level

Decide which “security level” best describes your information.  Think of its value, confidentiality status, as well as the consequences of loss.  The name and home address of your clients may not seem of “High Security” to you, but it may be to your client, employee or other stakeholder.

According to NIST 800-88, shredding hard drives is the most secure and compliant form of data destruction

NIST Sanitization Decision Flow Chart
hard Drive destruction projects for the City of Los Angeles
Hard drive destruction projects NASA in Pasadena
Hard drive destruction project for the Office of the Inspector General Health and Human Services

NIST 800-88 Documentation

Many business and organizations are now required to have a written Identity Theft Prevention Program per the Federal Trade Commission’s Red Flags Rule. Conforming to NIST 800-88 guidelines requires proper documentation of data destruction or more commonly known as a Certificate of Destruction.

Scanning serial numbers for NIST 800-88 Compliant Data Destruction

NIST Hard Drive Destruction

If you need NIST 800-88 hard drive destruction for your organization, E-Waste Security can help.

Request Quote