NIST 800-88 - Clear & Purge techniques for HDD erasure

Written By Abhishek Jain
Updated on Jan 15, 2020
Min Reading 3 Min

Jan 15, 2020

Media sanitization is a core competency for IT organizations in the context of data privacy, data security, and regulatory compliance. Growing concerns about data privacy along with media proliferation has turned data sanitization into a critical business need.

There are various information destruction standards today - each with specific methods and guidelines - to serve the media sanitization needs. For instance, NIST Special Publication 800-88 –laid down under the Federal Information Security Management Act of 2002– outlines Clear, Purge, and Physical Destruction as the 3 methods for media sanitization. The NIST data erasure standard is a secure erase method that can be used to sanitize a vast variety of media including ATA hard disk drives and SSDs, mobile devices, USB removable media, optical media, etc.

How do NIST Clear and Purge methods erase ATA hard disk drives and SSDs?

NIST Clear and Purge are the preferred methods for sanitizing media (wherever feasible & sufficient). That's because both Clear and Purge methods rely on logical techniques – overwrite, block erase, and cryptographic erase – to sanitize the media. So, there's no e-waste generation and also the storage media can be reused.

The following section outlines the specific techniques within NIST Data Erasure Standard:

1 - NIST Clear techniques for erasing hard disk drives and SSDs:

The NIST Clear method uses standard read/write commands, techniques and tools to overwrite all the user-addressable locations including logical file storage locations on an ATA hard drive or SSD with non-sensitive data (binary 1s and 0s).

The Clear pattern for media overwriting should include at least a single write pass with a fixed data value such as all zeros. Multiple write passes or values that are more complex may optionally be used.

Note: Overwriting on SSDs (flash storage) may reduce the effective lifetime of the media. Also, it may not sanitize the data in unmapped physical media.

2 - NIST Purge techniques for erasing hard disk drives and SSDs:

The NIST Purge method involves Overwrite, Block Erase, and Cryptographic Erase as the logical techniques for sanitizing ATA hard disk drives and SSDs.

The Purge method uses the overwrite EXT command to overwrite – i.e. apply a single write pass of a fixed pattern (all 0s or a pseudorandom pattern) – on ATA hard disk drives. Optionally, it may apply three total write passes of a pseudorandom pattern so that the second write pass is the inverted version of the original pattern.

Block Erase is the secondary erasure method for SSDs, which "electrically" erases each block by using internal SSD functions. After successful implementation of the block erase command, the method applies binary 1s across all the user-addressable locations on the storage media and then repeats Block Erase.

NIST Purge also specifies use of Cryptographic Erase command to sanitize ATA hard drives and SSDs that support encryption. Cryptographic Erase can be optionally accompanied with single-pass Overwrite, Secure Erase or Clear techniques, based on the media support.

Key Considerations for NIST Clear and Purge Methods

Verify the sanitization technique:

It is important to verify the efficacy of Clear and Purge techniques. For instance, for the 3 pass ATA sanitize overwrite procedure with invert pattern, the verification process would simply look for the original pattern.

Reset the storage device's configuration capabilities:

Storage device configuration such as Host Protected Area (HPA), Device Configuration Overlay (DCO), or Accessible Max Address may hinder the ability to access the entire addressable area of the storage media. Therefore, these should be reset before implementing the sanitization technique.

Verify the Cryptographic Erase command individually:

Verify and ascertain successful completion of Cryptographic Erase before implementing additional sanitization techniques such as Clear or Purge. This is because not all implementations of media encryption are suitable for Cryptographic Erase as a Purge mechanism.

Evaluate media-specific use of ATA Secure Erase:

ATA Secure Erase serves only as a 'Clear' mechanism for flash memory, so there is a possibility that sensitive data may remain in areas such as spare cells that have been rotated out of use. So, use the SECURITY ERASE UNIT command only after ascertaining its efficacy, based on the type of media.

How does Data Erasure Software Help Implement NIST Clear and Purge

A Data erasure software like BitRaser can perform media sanitization by overwriting the data, based on NIST Clear and Purge methods. This plug-and-play data erasure tool can add up to 5 customized erasure algorithms. It also provides tamper-proof audit trails to help businesses attain compliance with data security & privacy standards such as SOX, GLB, HIPAA, ISO27001, EU-GDPR, and PCI-DSS.

FAQs

What is NIST SP 800 88 standard?

National Institute of Standards and Technology (NIST) has issued an updated version of Special Publication (SP) 800-88 guidelines for Media Sanitization. The NIST data erasure standard is a secure erase method that can be used to sanitize a vast variety of media including ATA hard disk drives and SSDs, mobile devices, USB removable media, optical media, etc.

How Secure is the NIST 800-88 Standard?

NIST 800-88 is extremely secure and defines the safest methods of IT assets disposition. Laid down under the Federal Information Security Management Act of 2002, the NIST SP 800-88 standard suggests Clear, Purge, and Physical Destruction as the top three media sanitization approaches.

What is NIST Clear?

What is NIST Purge?

The NIST Purge method involves Overwrite, Block Erase, and Cryptographic Erase as the logical techniques for sanitizing ATA hard disk drives and SSDs. The Purge method uses the overwrite EXT command to overwrite – i.e. apply a single write pass of a fixed pattern (all 0s or a pseudorandom pattern) – on ATA hard disk drives. Optionally, it may apply three total write passes of a pseudorandom pattern so that the second write pass is the inverted version of the original pattern.

Can You Wipe SSD Using NIST 800-88?

Yes, NIST 800-88 advocates using Clear and Purge techniques to securely perform data wiping on SSDs.

BitRaser is NIST Certified

See All Certifications

The Basics of Gramm–Leach–Bliley Act (GLBA) Worth Knowing

July 10, 2020

That Innocuous Printer Can Leak Your Data.

Nov 10, 2020

Understanding Data Destruction

Sep 18, 2019

Name*
Email*
Phone
Company
Country*
Number of Devices to Erase*
Details (If Any)



(*) Mandatory Fields

Name*
Business Email*
Phone*
Company *
Country*
Number of Devices to Erase*
Details (If Any)
	Captcha* 2+1 =


(*) Mandatory Fields

	NIST Clear
	NIST-ATA Purge
	US Department of Defense, DoD 5220.22-M (3 passes)
	US Department of Defense, DoD 5200.22-M (ECE) (7 passes)
	US Department of Defense, DoD 5200.28-STD (7 passes)
	Russian Standard – GOST-R-50739-95 (2 passes)
	B.Schneier’s algorithm (7 passes)
	German Standard VSITR (7 passes)
	Peter Gutmann (35 passes)
	US Army AR 380-19 (3 passes)
	North Atlantic Treaty Organization-NATO Standard (7 passes)
	US Air Force AFSSI 5020 (3 passes)
	Pfitzner algorithm (33 passes)
	Canadian RCMP TSSIT OPS-II (4 passes)
	British HMG IS5 (3 passes)
	Zeroes
	Pseudo-random
	Pseudo-random & Zeroes (2 passes)
	Random Random Zero (6 passes)
	British HMG IS5 Baseline standard
	NAVSO P-5239-26 (3 passes)
	NCSG-TG-025 (3 passes)
	5 Customized Algorithms & more

Use of NIST 800-88 Standard For Drive Erasure

FAQs

Useful Links

NEWS AND EVENTS

PARTNERS

RESOURCES

Use of NIST 800-88 Standard For Drive Erasure

FAQs

Request Free License

WANT TO KNOW MORE