On-Site | Certified | Compliant

NIST 800-88 Hard Drive Destruction

Compliant with NIST Destruction and Reporting Guidelines.

NIST 800-88 Hard Drive Shredding

Compliance with NIST 800-88 hard drive destruction requirements consists of 1) define security level, 2) use NIST Decision Tree for destruction method, and 3) validatee and document.  See NIST Certificate of Destruction. This process is called the “NIST Sanitization and Disposal Decision Flow”.

NIST 800-88 “also recommends that users consider using destruction devices listed on the National Security Agency (NSA) evaluated products list.

According to NIST 800-88 Guidelines for Media Sanitization, shredding hard drives is the most secure and compliant form of data destruction.

NIST Sanitization Decision Flow Chart
E-Waste Security NIST 800 reporting and Certificate of Destruction

NIST 800-88 Data Destruction Reporting

A NIST 800-88 Certificate of Destruction requires linking the hard drive or SSD to the parent computer or server.  Details include make, model, serial number, and type.  Below is a sample Certificate of Destruction of ours.

Many businesses and organizations must now have a written Identity Theft Prevention Program per the Federal Trade Commission’s Red Flags Rule. Conforming to NIST 800-88 guidelines requires proper documentation of data destruction, more commonly known as a Certificate of Destruction.  Ask us about the difference between our standard Certificate of Destruction and a NIST certificate! 

E-Waste Security offers a NIST 800-88 Certificate of Destruction to help you comply with NIST 800-88 documentation requirements.

Scanning serial numbers for NIST 800-88 Compliant Data Destruction

NIST 800-88 Media Sanitization Decision Tree

NIST 800-88 data destruction decision flow chart.
A piece of metal is securely resting on top of another piece of metal in a HIPAA compliant hard drive destruction process.

NIST 800-88 Data Destruction Decision

Compliance with NIST 800-88 data destruction requires organizations to make only two decisions.  The first, and most important, decision is determining how critical the information is to the company, its employees, and its customers.  The second is who will have access to the digital media after disposal.

Once those questions are answered, the NIST 800-88 decision tree states the method of digital media destruction.

Define Security Level

If the information became public, would it be detrimental or catastrophic to the company, employees, or customers?

In a practical sense, any loss of information would expose the company to fines, litigation costs, and reputational damage.

Control: Chain of Custody

Will the digital media leave your custody or control?  Once a hard drive or SSD is given to a third party it is considered “out of your control”.  It is irrelevant if the drive has been erased, wiped, or encrypted.

You and your organization are completely reliant on the vendor to protect the information.

Destruction Method

The NIST 800-88 data destruction decision tree is very clear; shred computer hard drives and SSDs before they leave your control.  

According to NIST 800-88, shredding hard drives is the most secure and compliant form of data destruction

Guidelines for media sanitization.
hard Drive destruction projects for the City of Los Angeles
Hard drive destruction projects NASA in Pasadena
Hard drive destruction project for the Office of the Inspector General Health and Human Services
US Bankruptcy Court
City Of Tustin

NIST 800-88: Hard Drive & SSD Destruction

Let us know if we can help with your project.