NIST Guidelines for Media Sanitization

Dec 14, 2019

National Institute of Science and Technology (NIST), which provides technical leadership for the United States' measurement and standards infrastructure, defines media sanitization as:

"The general process of removing data from storage media, such that there is reasonable assurance that data may not be easily retrieved and reconstructed."

During the transfer or disposal of storage media, it is imperative that the deleted data from storage media (whether residual magnetic, optical, electrical or any other form) is not recoverable. Sanitization of storage media refers to a process of removing data, with assurance that the data cannot be retrieved or reconstructed. This is to maintain data privacy standards and smooth exercising of privacy controls. There has to be defined means and mechanisms to protect leakage of sensitive information, across the IT-asset lifecycle.

Need for Media Sanitization

As per NIST - Media sanitization is the key element to maintain data confidentiality. Organizations need to exercise proper control on 'confidential information' to avoid data leakage that happens due to improper disposal of storage media or reconstruction of ineffectively sanitized e-media/refurbished media. This is to ensure that Personal Identifiable Information (PII) is protected, reference 2.3 of NIST guide. Organizations are required to follow data protection laws, regulations, and mandates governing the management of Personal Identifiable Information (PII). Violations of these laws can result in civil or criminal proceedings. Organizations may also have obligations to protect PII as per their own policies, standards, or management directives.

Scope of Media Sanitization

NIST guidelines for media sanitization & data protection states that the sanitization operation is to be performed on complete data stored on the media, as it may be difficult for media sanitizer to differentiate sensitive data, in particular. Also, partial data sanitization is risky and not approved as per NIST guidelines.

As an example, amongst the flash drives - SSDs, memory cards and USBs, it is recommended to overwrite the data with agency approved and certified data erasure techniques, methods & tools. Alternatively, incinerate, shred, pulverize or disintegrate the flash drives, though these are not favorable means of data destruction due to environmental impact, secure media destruction, etc. Infact SSDs cannot be purged by degaussing as these do not store data magnetically.

Once the decision for media sanitization is made w.r.t means of sanitization & the type of media then question arises as to who should be the decision maker? Who will determine what, when and how the data is to be sanitized?

Roles and Responsibilities

NIST data security helps categorize and assign media sanitization roles and responsibilities as per the following:

The team of professionals – Chief Information Officer, Information System Owner, Information Owner, System Security Manager, Privacy Officer, & Users
Defining information decision guidelines as in PSUs, Government organizations and IT Asset Disposition companies (ITADs)
Determining and categorizing security as per compliances - SOX, HIPAA, PCI-DSS, and EU-GDPR etc.

In the decision process of media sanitization, confidentiality of the information plays a key role, the type of media plays a secondary role. Decision makers decide upon the kind of sanitization basis requirements of individual cases. Decision is made for safe disposal of leased or end-of-lifecycle IT assets to tackle data breach situation and meet legal compliances. Physical destruction methods are ruled out as these are not environment-friendly, instead media sanitization through ITADs is preferred by decision makers. ITADs provide safe & certified cost-effective data erasure by using international standards of erasure.

Control & Reuse of Media

NIST Guidelines for media sanitization defines that the IT asset should be disposed off via a process flow using appropriate roles and responsibilities and organization must maintain different levels of security based upon the data confidentiality level. Along with, the risk-based decision of sanitizing media, the organization should also consider the following –

Consequence of information retrieval from sanitized media, it's cost and efficacy, and
Cost involved in sanitization and its efficacy.
Risk factor for the duration for which the data remains sensitive.

NIST explains media sanitization technique in an appropriate manner through the following graphic:

Figure 1: Illustrates "Sanitization and Disposition Decision Flow" as per NIST SP 800-88 Guidelines for Media Sanitization

Media Sanitization Techniques

Commonly used media sanitization techniques are data erasure, degaussing, shredding, factory resets, data deletion, reformatting and physical destruction.

Techniques like shredding, factory resets, data deletion and reformatting are incomplete methods of media sanitization.
Degaussing eliminates the magnetic field from the storage devices thus rendering the data available on these devices unrecoverable.
Data erasure overwrites the data using zero and one to destroy the available data on the digital media.

NIST regulations briefs on the type of media and preferred media

Media Type	Clear	Purge	Destroy
Floppy Disks, Disk Drives	Overwrite using agency-approved software	Degauss in an NSA/CSS-approved degausser.	Incinerate Shred
ATA Hard drives, SCSI Drives	Overwrite using agency-approved software	Secure Erase, Degauss, or Disassemble and degauss the enclosed platters.	Incinerate Shred Pulverize Disintegrate
CDs/DVDs	N/A	N/A	Destroy in the following order – Remove information using optical disc grinding device Incinerate using a licensed facility Use Optical disk media shredder
Flash Media – USBs, Memory Cards, SSDs	Overwrite using agency-approved software	Secure data erasure	Incinerate Shred Pulverize Disintegrate

Conclusion

NIST guidelines define the processes that guide organizations to have adequate control over the information they possess and safeguard it through proper disposal of used and retired media. Though various techniques are employed to sanitize the media, two factors should be considered foremost – data confidentiality and environmental issues. Data sanitization techniques based on asset destruction are costly, generate massive e-waste and are not suitable for all types of storage media. On the contrary, data erasure software guarantees media sanitization across all IT assets including HDDs, SSDs, Servers and more, and also retains the hardware for refurbished use. Software such as BitRaser is NIST 800-88 compliant, and generates a certificate for secure and responsible data erasure. It provides an environment-friendly means of media sanitization, with tamper-proof audit trails for data privacy.

Use of NIST for Hard Drive Erasure

Jan 15, 2020

Stages of Data Vulnerability and the Risks

Aug 11, 2019

Everything You Need To Know To Ensure GDPR (EU) Compliance

April 20, 2020

Name*
Email*
Phone
Company
Country*
Number of Devices to Erase*
Details (If Any)



(*) Mandatory Fields

	NIST Clear
	NIST-ATA Purge
	US Department of Defense, DoD 5220.22-M (3 passes)
	US Department of Defense, DoD 5200.22-M (ECE) (7 passes)
	US Department of Defense, DoD 5200.28-STD (7 passes)
	Russian Standard – GOST-R-50739-95 (2 passes)
	B.Schneier’s algorithm (7 passes)
	German Standard VSITR (7 passes)
	Peter Gutmann (35 passes)
	US Army AR 380-19 (3 passes)
	North Atlantic Treaty Organization-NATO Standard (7 passes)
	US Air Force AFSSI 5020 (3 passes)
	Pfitzner algorithm (33 passes)
	Canadian RCMP TSSIT OPS-II (4 passes)
	British HMG IS5 (3 passes)
	Zeroes
	Pseudo-random
	Pseudo-random & Zeroes (2 passes)
	Random Random Zero (6 passes)
	British HMG IS5 Baseline standard
	NAVSO P-5239-26 (3 passes)
	NCSG-TG-025 (3 passes)
	5 Customized Algorithms & more

Useful Links

NEWS AND EVENTS

PARTNERS

RESOURCES

Request Free License