The National Institute of Standards and Technology (NIST) formulates several guidelines and standards that help organizations sanitize their media devices and safeguard sensitive data. NIST, in collaboration with Information Technology Laboratory (ILT) has formulated the NIST 800-88 guidelines for media sanitization
. Today, NIST 800-88 standard has become a widely accepted standard for data sanitization for destroying data from magnetic, flash-based, and other storage technologies. It is the most trusted & prevalent standard used by federal agencies and organizations to manage and reduce cyber security risks.
In our series of NIST articles, we have already described NIST SP 800-88 guidelines for media sanitization
, Use of NIST standard
, & difference between Clear, Purge & Destroy techniques
. We have also covered an in-depth insight into NIST Clear standard
. In this article, we will now dive deep into NIST Purge standard that explains overwriting, block erase and cryptographic erase as logical techniques to wipe ATAs, hard drives and SSDs.
Insights into Purge Techniques Of Media Sanitization
The Purge technique follows physical or logical techniques that make target data recovery either infeasible or impossible using even state-of-the-art laboratory techniques. Under the Purge category, there are several techniques that can be applied for media sanitization depending on the type of storage media which we will discuss in the article in detail. The techniques include Overwrite, Block Erase, Cryptographic Erase, and Degaussing. Overwrite, Block Erase and Cryptographic Erase techniques use standard and dedicated commands that follow media-specific procedures to bypass the abstraction inherent in typical read and write commands.
Types of Purge Techniques
- Overwrite: The ‘overwrite EXT’ command is used in the purge method to apply a single pass of a fixed pattern on hard disks. The pattern is usually pseudorandom or all 0s.There is also an option to apply three write passes of the pseudorandom pattern. This makes the second write pass the inverted version of the original.
- Block Erase: For SSDs or other flash-memory-based devices, the block Erase method of purge media sanitization is used. It electronically erases each block with the use of internal SSD functions by using ‘BLOCK ERASE’ command. Once the ‘BLOCK ERASE’ command is successfully implemented, binary 1s are applied over all user-addressable locations. The block erase is then repeated.
In case encryption was performed on the device after the data was stored on the device, it is not recommended to use Cryptographic Erase. Also, if the key to decrypt the data on the device is available elsewhere (as a form of a backup or escrow key), it may be used to retrieve the data, rendering Cryptographic Erase useless for purging a device.
- Cryptographic Erase: Some devices have integrated data encryption and access control capabilities. These devices, called Self-Encrypting Drives (SEDs), can be sanitized using the cryptographic erase technique. Examples of such devices include ATA hard drives and SSDs that support encryption. In SED devices, the data is encrypted using a key. The cryptographic erase method destroys the key, making decryption of data impossible, and thus, the data is irrecoverable. The ‘CRYPTO SCRAMBLE EXT’ command is used. And it is the fastest purge technique of media sanitization. This method can also be accompanied by a single-pass overwrite or secure erase or clear techniques. You may refer to our article on How to perform cryptographic erasure on SSDs.
- Degaussing: This is a physical technique of media sanitization to render the device purged using a Degausser. The degausser is a piece of equipment that produces powerful electromagnetic waves that facilitate data sanitization. The data stored on media devices (like hard drives) is in the form of magnetic fields. The strong electromagnetic waves produced from the degausser kills the device’s magnetic field. This results in complete data destruction. Degaussing qualifies to be a purge technique under NIST guidelines only if the sanitized media is available for reuse after it is purged. If the device is no longer available for use, such degaussing is considered as a destroy technique. Degaussing cannot be used to wipe data from SSDs or other non-magnetic storage devices. Also, presently available degaussers might not be suitable for sanitizing devices with higher magnetic forces. Thus, it is important to match the strength of the degausser to the media coercivity.
Application of Purge Techniques on Different Storage Devices: As Per NIST Guidelines
Overwrite, Cryptographic Erase, and Degaussing techniques as discussed earlier can be used to sanitize ATA hard drives (SATA, PATA, eSATA, etc.). Proper verification is important after the sanitization process is completed except for degaussing. If degaussing is opted, it should be ensured that an appropriate degausser is selected, degaussing is correctly applied & spot checking is done periodically to ensure that the process is working correctly.
SSDs can be sanitized using either the Block Erase technique or Cryptographic Erase technique or both if supported. If the device supports encryption and Cryptographic Erase is used, the block erase technique can be optionally used after that. If the block erase technique is not supported on the device, Secure Erase or Clear procedures can also be applied. After sanitization, verification techniques as mentioned in Section 4.7 of NIST SP 800-88 guidelines have to be applied.
Cryptographic Erase should be verified before the application of additional sanitization techniques. Degaussing should not be used as the sole purge technique for SSD media sanitization. However, it may be used for hybrid devices with non-flash memory components.
The process of purging Android devices depends on the device manufacturer and service provider. The ‘eMMC Secure Erase’ or ‘Secure Trim’ command may be used. Other equivalent commands or methods can also be used depending on the device’s storage media. Some versions of Android support encryption. Such devices can also be sanitized using the Cryptographic Erase technique. Organizations or individuals should contact device manufacturers to check what purge techniques are suitable for media sanitization.
All current and future generation iPhones and iPads support Cryptographic Erase. It is assumed that encryption is always on and all the data on the device is already encrypted. To purge an iPhone, follow the below-mentioned steps:
- Go to the Settings menu.
- Select General.
- Click on Reset.
- Press the Erase All Contents and Settings option.
After sanitizing iPhones and Android devices, NIST 800-88 recommends navigating through the settings and menus on the device. This is to ensure and verify that sanitization has been completed effectively. If some user data or settings remain after the reset, the purge technique is not complete.
BitRaser Drive Eraser Supports NIST 800-88 Purge Standard
Now that we have discussed in detail about NIST Purge standard as defined in the NIST 800-88 media sanitization guidelines, the next step is to perform media sanitization by choosing the right solution. Advanced and certified tools like BitRaser Drive Eraser helps ensure eradication of data beyond recovery using NIST Purge Standard. The tool guarantees verification of data erasure along with generating tamper-proof reports and certificates for audit trails. This helps reduce risk of data breaches and enables organizations to meet global compliances.
BitRaser is the first choice for erasing data using NIST 800-88 Purge & Clear standard as it tested and approved by NIST (National Institute of Standard and Technology) and DHS (Department of Homeland Security) in October 2020. You may refer to the detailed report of the tests conducted on hard drive and SSD here.
NIST Purge provides a more thorough level of sanitization than NIST Clear standard that is used to wipe moderately sensitive data, while accepting the risk of laboratory retrieval. Purge is used for devices that contained more confidential data as it focuses on removal of all hidden areas including Host Protected Areas (HPAs and Device Configuration Overlays (DCO).
Devices that are properly sanitized as per the NIST guidelines don’t pose risks of data breaches or leaks. Transferring devices from one user to another, sale of old devices, or the disposal of IT assets make the media device susceptible to misuse. Responsible organizations always make sure that all threats of data theft are eliminated before the device changes hands. And media sanitization is the most effective when NIST 800-88 guidelines are adhered to.