On-Site | Certified | Compliant
NIST 800-88 Hard Drive Destruction
Compliant with NIST Destruction and Reporting Guidelines.
NIST 800-88 Hard Drive Shredding
The National Institute of Standards and Technology (NIST) has developed Guidelines for Media Sanitization – hard drive and digital media destruction. The NIST 800-88 publication is intended to assist organizations and IT system managers in making practical data destruction decisions based on the relative categorization and confidentiality of their information or data.
According to NIST 800-88 Guidelines for Media Sanitization, shredding hard drives is the most secure and compliant form of data destruction. National Security Agency (NSA) contractors should refer to the stricter NSA/CSS hard drive destruction requirements.
NIST 800-88 Data Destruction Decision Method
The following flowchart summarizes the NIST 800-88 Sanitization and Disposition Decision Flow Chart. Customer, employee, financial, and health records are considered “High” security information.
Security levels
The recommended method (shred, degauss, or erase) used for destroying hard drives is based on the “security level” of the information disposed of. When the “security level” of information elevates, so does the required method of destruction. To stay compliant, it is critical to classify the information in your custody accurately.
Classification
NIST 800-88 guidelines classify information as low, medium, or high-security. However, NIST has not defined the type of information in each category. This omission has left the burden on you.
Destruction Level
Decide which “security level” best describes your information. Think of its value, confidentiality status, and the consequences of loss. Your clients’ names and home addresses may not seem “High Security” to you, but they may be to your client, employee, or other stakeholder.
According to NIST 800-88, shredding hard drives is the most secure and compliant form of data destruction
NIST 800-88 Data Destruction Reporting Requirements
Many businesses and organizations must now have a written Identity Theft Prevention Program per the Federal Trade Commission’s Red Flags Rule. Conforming to NIST 800-88 guidelines requires proper documentation of data destruction, more commonly known as a Certificate of Destruction. Ask us about the difference between our standard Certificate of Destruction and a NIST certificate!
E-Waste Security offers a NIST 800-88 Certificate of Destruction to help you comply with NIST 800-88 documentation requirements.
NIST 800-88: Hard Drive & SSD Destruction
Let us know if we can help with your project.