NIST Site Search
Search NIST.GOV
Custom Search
[Official NIST.GOV TIME]
Product Research

Advertise on this site
NIST SP 800-88 Guidelines for Media Sanitization
Guidelines for Media Sanitization: Recommendations of the National Institute of Standards and Technology
on Monday 04 September 2006 print the content item {PDF=create pdf file of the content item^plugin:content.52}
in NIST.gov Publications > Special Publications - SP 800 series

NIST Special Publication 800-88 was sponsored by the Homeland Security Department. Media Sanitization is an important subject and is required for all federal agencies. This document attempts to standardize how various media is sanitized before disposal or reuse.

Download the entire NIST SP 800-88 PDF (9/2006 Rev 1)

You may use the NIST.org Forum to ask questions or discuss this document.

Description from NIST.gov SP 800-88 (edited):

Information systems capture, process, and store information using a wide variety of media. This information is located not only on the intended storage media but also on devices used to create, process, or transmit this information. This media may require special disposition in order to mitigate the risk of unauthorized disclosure of information and to ensure its confidentiality. Efficient and effective management of information created, processed, and stored by an information technology (IT) system throughout its life (from inception through disposal) is a primary concern of an information system owner.

With the more prevalent use of increasingly sophisticated encryption, an attacker wishing to gain access to an organization’s sensitive information is forced to look outside the system itself for that information. One avenue of attack is the recovery of supposedly deleted data from media. This residual data may allow unauthorized individuals to reconstruct data and thereby gain access to sensitive information. Sanitization, done properly, can be used to thwart this attack by ensuring that deleted data cannot be easily recovered.

When storage media are transferred, become obsolete, or are no longer usable or required by an information system, it is important to ensure that residual magnetic, optical, or electrical representation of data that has been deleted is not easily recoverable. Sanitization refers to the general process of removing data from storage media, such that there is reasonable assurance, in proportion to the confidentiality of the data, that the data may not be retrieved and reconstructed.

This guide will assist organizations and system owners in making practical sanitization decisions based on the level of confidentiality of their information. It does not, and cannot, specifically address all known types of media; however, the described sanitization decision process can be applied universally.

---
The SP 800-88 document was created by the National Institute of Standards and Technology and is public domain (not subject to copyright).


NIST Special Publication # 800-88


Translate to: {GOOGLETRANS}
Google Ads




Headlines

»CVE-2014-9905
Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow r ...
»CVE-2016-10134
SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to ...
»CVE-2016-10227
Zyxel USG50 Security Appliance and NWA3560-N Access Point allow remote attackers to cause a denial o ...
»CVE-2016-1249
The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allo ...
»CVE-2016-4311
Cross-site request forgery (CSRF) vulnerability in the XACML flow feature in WSO2 Identity Server 5. ...
»CVE-2016-4312
XML external entity (XXE) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 befo ...
»CVE-2016-4314 (carbon)
Directory traversal vulnerability in the LogViewer Admin Service in WSO2 Carbon 4.4.5 allows remote ...
»CVE-2016-4315 (carbon)
Cross-site request forgery (CSRF) vulnerability in WSO2 Carbon 4.4.5 allows remote attackers to hija ...
»CVE-2016-4316 (carbon)
Multiple cross-site scripting (XSS) vulnerabilities in WSO2 Carbon 4.4.5 allow remote attackers to i ...
»CVE-2016-4327 (enablement_server_for_java)
Cross-site scripting (XSS) vulnerability in WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
»CVE-2016-4613
An issue was discovered in certain Apple products. Safari before 10.0.1 is affected. iCloud before 6 ...
»CVE-2016-4617
An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involve ...
»CVE-2016-4660
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 ...
»CVE-2016-4661
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue invol ...
»CVE-2016-4662
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue invol ...


Date published: 2017-02-21T15:00:01Z
Details

»OpenSSL Releases Security Update
Original release date: February 16, 2017 OpenSSL version 1.1.0e has been released to address ...
»Cisco Releases Security Update
Original release date: February 15, 2017 Cisco has released a security update to address a vu ...
»FBI Releases Article on Romance Scams
Original release date: February 14, 2017 The Federal Bureau of Investigation (FBI) has releas ...
»Adobe Releases Security Updates
Original release date: February 14, 2017 Adobe has released security updates to address vulne ...
»Apple Releases Security Update
Original release date: February 14, 2017 Apple has released a security updates to address a v ...
»Enhanced Analysis of GRIZZLY STEPPE
Original release date: February 10, 2017 The Department of Homeland Security (DHS) has releas ...
»ISC Releases Security Updates for BIND
Original release date: February 08, 2017 | Last revised: February 09, 2017 The Internet Syste ...
»Cisco Clock Signal Component Failure Advisory
Original release date: February 06, 2017 Cisco has released a hardware advisory for a clock s ...
»CERT/CC Reports a Microsoft SMB Vulnerability
Original release date: February 03, 2017 CERT Coordination Center (CERT/CC) has released info ...
»Cisco Releases Security Updates
Original release date: February 01, 2017 Cisco has released security updates to address a vul ...


Date published: not known
Details




Date published: not known
Details
Main Menu
· Home
Current Security News
 
US-CERT Current Activity

» OpenSSL Releases Security Update
[16 Feb 2017 07:23pm]

» Cisco Releases Security Update
[15 Feb 2017 12:20pm]

» FBI Releases Article on Romance Scams
[14 Feb 2017 09:01pm]

» Adobe Releases Security Updates
[14 Feb 2017 08:57am]

» Apple Releases Security Update
[14 Feb 2017 06:25am]

» Enhanced Analysis of GRIZZLY STEPPE
[10 Feb 2017 07:24pm]

» ISC Releases Security Updates for BIND
[08 Feb 2017 05:29pm]

» Cisco Clock Signal Component Failure Advisory
[06 Feb 2017 04:40pm]

» CERT/CC Reports a Microsoft SMB Vulnerability
[03 Feb 2017 01:48am]

» Cisco Releases Security Updates
[01 Feb 2017 10:59am]

***
US-CERT Alerts

» TA16-336A: Avalanche (crimeware-as-a-service infrastructure)
[30 Nov 2016 10:00pm]

» TA16-288A: Heightened DDoS Threat Posed by Mirai and Other Botnets
[14 Oct 2016 05:59pm]

» TA16-250A: The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations
[06 Sep 2016 04:29pm]

» TA16-187A: Symantec and Norton Security Products Contain Critical Vulnerabilities
[05 Jul 2016 08:50am]

» TA16-144A: WPAD Name Collision Vulnerability
[23 May 2016 05:38am]

» TA16-132A: Exploitation of SAP Business Applications
[11 May 2016 05:31am]

» TA16-105A: Apple Ends Support for QuickTime for Windows; New Vulnerabilities Announced
[14 Apr 2016 01:48pm]

» TA16-091A: Ransomware and Recent Variants
[31 Mar 2016 04:00pm]

» TA15-337A: Dorkbot
[03 Dec 2015 04:40pm]

» TA15-314A: Compromised Web Servers and Web Shells - Threat Awareness and Guidance
[10 Nov 2015 06:12pm]

***
Computerworld Security

» Verizon knocks $350M from Yahoo deal after breaches
[21 Feb 2017 08:23am]

» True privacy online is not viable
[21 Feb 2017 04:00am]

» Hackers behind bank attack campaign use Russian decoy
[20 Feb 2017 08:00am]

» Uber to investigate female engineer’s ‘abhorrent’ sexual harassment claims
[20 Feb 2017 06:51am]

» RSA demo: TruStar anonymizes incident data to improve information exchange
[17 Feb 2017 04:50pm]

» Why robotics is key to cybersecurity's future
[17 Feb 2017 04:46pm]

» Here’s how the U.S. government can bolster cybersecurity
[17 Feb 2017 02:53pm]

» IDG Contributor Network: Why February's Patch Tuesday is delayed
[17 Feb 2017 10:52am]

» Insecure Android apps put connected cars at risk
[17 Feb 2017 10:08am]

» Tips for negotiating with cyber extortionists
[17 Feb 2017 05:51am]

» Get 72% off NordVPN Virtual Private Network Service For a Limited Time - Deal Alert
[16 Feb 2017 08:45pm]

» Experts at RSA offer up their best cybersecurity advice
[16 Feb 2017 05:34pm]

» Why (or where) many security programs fail
[16 Feb 2017 02:36pm]

» Israeli soldiers hit by Android malware from cyberespionage group
[16 Feb 2017 01:45pm]

» How the Cyber Threat Alliance works to fight cybercrime
[16 Feb 2017 12:29pm]

***
Microsoft Security Advisories

» 4010983 - Vulnerability in ASP.NET Core MVC 1.1.0 Could Allow Denial of Service - Version: 1.0
[27 Jan 2017 11:00am]

» 3214296 - Vulnerabilities in Identity Model Extensions Token Signing Verification Could Allow Elevation of Privilege - Version: 1.0
[10 Jan 2017 11:00am]

» 3181759 - Vulnerabilities in ASP.NET Core View Components Could Allow Elevation of Privilege - Version: 1.0
[13 Sep 2016 11:00am]

» 3174644 - Updated Support for Diffie-Hellman Key Exchange - Version: 1.0
[13 Sep 2016 11:00am]

» 3179528 - Update for Kernel Mode Blacklist - Version: 1.0
[09 Aug 2016 11:00am]

» 2880823 - Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 2.0
[18 May 2016 11:00am]

» 3155527 - Update to Cipher Suites for FalseStart - Version: 1.0
[10 May 2016 11:00am]

» 3152550 - Update to Improve Wireless Mouse Input Filtering - Version: 1.1
[22 Apr 2016 11:00am]

» 3137909 - Vulnerabilities in ASP.NET Templates Could Allow Tampering - Version: 1.1
[10 Feb 2016 11:00am]

» 2871997 - Update to Improve Credentials Protection and Management - Version: 5.0
[09 Feb 2016 11:00am]

» 3123479 - Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 1.0
[12 Jan 2016 11:00am]

» 3109853 - Update to Improve TLS Session Resumption Interoperability - Version: 1.0
[12 Jan 2016 11:00am]

» 3118753 - Updates for ActiveX Kill Bits 3118753 - Version: 1.0
[12 Jan 2016 11:00am]

» 2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge - Version: 53.0
[05 Jan 2016 11:00am]

» 3123040 - Inadvertently Disclosed Digital Certificate Could Allow Spoofing - Version: 1.0
[08 Dec 2015 11:00am]

***
WIRED

» An Arms Dealer Says Life Under Trump Is a ‘Win-Win’
[20 Feb 2017 05:00am]

» Smart City Tech Would Make Military Bases Safer
[19 Feb 2017 07:30am]

» The Former Secretary of Defense Outlines the Future of Warfare
[19 Feb 2017 05:00am]

» Security News This Week: Yahoo Got Hacked Again. No, Seriously
[18 Feb 2017 08:00am]

» Finding the Right National Security Adviser Won’t Be Easy
[17 Feb 2017 04:46pm]

» Android Phone Hacks Could Unlock Millions of Cars
[16 Feb 2017 03:30pm]

» Leaks Are Totally American—They’re Just Easier Now
[16 Feb 2017 12:17pm]

» Encryption Apps Help White House Staffers Leak—and Maybe Break the Law
[15 Feb 2017 10:43am]

» A Chip Flaw Strips Away Hacking Protections for Millions of Devices
[14 Feb 2017 05:30pm]

» The Best Encrypted Chat App Now Does Video Calls Too
[14 Feb 2017 11:55am]

***
Network World Security

» New York State Cybersecurity Rules and the Skills Shortage
[21 Feb 2017 08:55am]

» EFF: Congress is considering making it illegal to protect consumer privacy online
[21 Feb 2017 08:36am]

» IDG Contributor Network: Breaking through the cybersecurity bubble
[21 Feb 2017 08:15am]

» We finally know how much a data breach can cost
[21 Feb 2017 07:54am]

» 5 open source security tools too good to ignore
[21 Feb 2017 07:12am]

» Review: Samsung SmartCam PT network camera
[15 Feb 2017 07:00am]

» Review: Arlo Pro cameras offer true flexibility for home security
[09 Feb 2017 07:01am]

» Face-off: Oracle vs. CA for identity management
[26 Jan 2017 10:30am]

» 6 steps to secure a home security camera
[23 Jan 2017 04:00am]

» REVIEW: Home security cameras fall short on security
[23 Jan 2017 04:00am]

» Review: Microsoft Windows Defender comes up short
[03 Jan 2017 10:48am]

» Inside 3 top threat hunting tools
[19 Dec 2016 04:00am]

» Review: Threat hunting turns the tables on attackers
[19 Dec 2016 04:00am]

» New York State Cybersecurity Rules and the Skills Shortage
[21 Feb 2017 08:55am]

» IDG Contributor Network: Breaking through the cybersecurity bubble
[21 Feb 2017 08:15am]

***


More IT Security
News Feeds
More Sponsors

Advertise on this site
RSS Feeds
Our news can be syndicated by using these rss feeds.
rss1.0
rss2.0
rdf

NIST.org is in no way connected to the U.S. government site NIST.gov

This site is © John Herron, CISSP. All Rights Reserved.

Please visit daily to stay up to date on all your IT Security compliance issues.

http://www.nist.org -
Hosted by BlueHost. We've never had a better hosting company.
{THEMEDISCLAIMER}