NIST 800-88 Guidelines for Media Sanitization

National Institute of Science and Technology (NIST), which provides technical leadership for the United States' measurement and standards infrastructure, defines media sanitization as:

"The general process of removing data from storage media, such that there is reasonable assurance that data may not be easily retrieved and reconstructed."

During the transfer or disposal of storage media, it is imperative that the deleted data from storage media (whether residual magnetic, optical, electrical, or any other form) is not recoverable. Sanitization of storage media refers to a process of removing data, with the assurance that the data cannot be retrieved or reconstructed. This is to maintain data privacy standards and smooth exercising of privacy controls. There has to be defined means and mechanisms to protect leakage of sensitive information, across the IT-asset lifecycle.

What is the Need for Media Sanitization?

As per NIST 800-88 guidelines, Media sanitization is the key element to maintain data confidentiality. Organizations need to exercise proper control on 'confidential information' to avoid data leakage that happens due to improper disposal of storage media or reconstruction of ineffectively sanitized e-media/refurbished media. This is to ensure that Personal Identifiable Information (PII) is protected, reference 2.3 of the NIST guidelines. Organizations are required to follow data protection laws, regulations, and mandates governing the management of Personal Identifiable Information (PII). Violations of these laws can result in civil or criminal proceedings. Organizations may also have obligations to protect PII as per their own policies, standards, or management directives.

What is the Scope of Media Sanitization?

NIST 800-88 guidelines for media sanitization & data protection states that the sanitization operation is to be performed on complete data stored on the media, as it may be difficult for media sanitizer to differentiate sensitive data, in particular. Also, partial data sanitization is risky and not approved as per NIST 800-88 standard guidelines. As an example, amongst the flash drives - SSDs, memory cards, and USBs, it is recommended to overwrite the data with an agency approved and certified data erasure techniques, methods & tools. Alternatively, incinerate, shred, pulverize or disintegrate the flash drives, though these are not favorable means of data destruction due to environmental impact, secure media destruction, etc. As per NIST 800-88 guidelines, Solid-state drives (SSDs) cannot be purged by degaussing as these do not store data magnetically. Once the decision for media sanitization is made w.r.t means of sanitization & the type of media then the question arises as to who should be the decision-maker? Who will determine what, when, and how the data is to be sanitized?

Who is Responsible For Secure Data Disposal? 

NIST 800-88 data security standard helps categorize and assign media sanitization roles and responsibilities as per the following:

1. The team of professionals – Chief Information Officer, Information System Owner, Information Owner, System Security Manager, Privacy Officer, & Users
2. Defining information decision guidelines as in PSUs, Government organizations, and IT Asset Disposition companies (ITADs)
3. Determining and categorizing security as per compliances - SOX, HIPAA, PCI-DSS, and EU-GDPR, etc.

In the decision process of media sanitization, the confidentiality of the information plays a key role, the type of media plays a secondary role. Decision-makers decide upon the kind of sanitization basis requirements of individual cases. The decision is made for the safe disposal of leased or end-of-lifecycle IT assets to tackle data breach situations and meet legal compliances. Physical destruction methods are ruled out as these are not environment-friendly, instead of media sanitization through ITADs is preferred by decision-makers. ITAD's provide safe & certified cost-effective data erasure by using international standards of erasure.

Control & Reuse of Media

NIST 800-88 Guidelines for media sanitization define that the IT asset should be disposed of via a process flow using appropriate roles and responsibilities and the organization must maintain different levels of security based upon the data confidentiality level. Along with, the risk-based decision of sanitizing media, the organization should also consider the following –

• Consequence of information retrieval from sanitized media, it's cost and efficacy, and
• The cost involved in sanitization and its efficacy.
• Risk factor for the duration for which the data remains sensitive.

Media Sanitization Techniques & Methods

Commonly used media sanitization techniques are data erasure, degaussing, shredding, factory resets, data deletion, reformatting, and physical destruction.

• Techniques like shredding, factory resets, data deletion, and reformatting are incomplete methods of media sanitization.
• Degaussing eliminates the magnetic field from the storage devices thus rendering the data available on these devices unrecoverable.
• Data erasure overwrites the data using zero and one to destroy the available data on digital media.

You may like to read the use of NIST 800-88 standard for data erasure.

Media Sanitization Methods as per NIST 800-88 Guidelines:

Conclusion

NIST 800-88 guidelines define the processes that guide organizations to have adequate control over the information they possess and safeguard it through proper disposal of used and retired media. Though various techniques are employed to sanitize the media, two factors should be considered foremost – data confidentiality and environmental issues. Data sanitization techniques based on asset destruction are costly, generate massive e-waste, and are not suitable for all types of storage media. On the contrary, data erasure software guarantees media sanitization across all IT assets including HDDs, SSDs, Servers, and more, and also retains the hardware for refurbished use. Software such as BitRaser is NIST 800-88 compliant and generates a certificate for secure and responsible data erasure. It provides an environment-friendly means of media sanitization, with tamper-proof audit trails for data privacy.