NIST Site Search
Search NIST.GOV
Custom Search
[Official NIST.GOV TIME]
Product Research

Advertise on this site
NIST SP 800-88 Guidelines for Media Sanitization
Guidelines for Media Sanitization: Recommendations of the National Institute of Standards and Technology
on Monday 04 September 2006 print the content item {PDF=create pdf file of the content item^plugin:content.52}
in NIST.gov Publications > Special Publications - SP 800 series

NIST Special Publication 800-88 was sponsored by the Homeland Security Department. Media Sanitization is an important subject and is required for all federal agencies. This document attempts to standardize how various media is sanitized before disposal or reuse.

Download the entire NIST SP 800-88 PDF (9/2006 Rev 1)

You may use the NIST.org Forum to ask questions or discuss this document.

Description from NIST.gov SP 800-88 (edited):

Information systems capture, process, and store information using a wide variety of media. This information is located not only on the intended storage media but also on devices used to create, process, or transmit this information. This media may require special disposition in order to mitigate the risk of unauthorized disclosure of information and to ensure its confidentiality. Efficient and effective management of information created, processed, and stored by an information technology (IT) system throughout its life (from inception through disposal) is a primary concern of an information system owner.

With the more prevalent use of increasingly sophisticated encryption, an attacker wishing to gain access to an organization’s sensitive information is forced to look outside the system itself for that information. One avenue of attack is the recovery of supposedly deleted data from media. This residual data may allow unauthorized individuals to reconstruct data and thereby gain access to sensitive information. Sanitization, done properly, can be used to thwart this attack by ensuring that deleted data cannot be easily recovered.

When storage media are transferred, become obsolete, or are no longer usable or required by an information system, it is important to ensure that residual magnetic, optical, or electrical representation of data that has been deleted is not easily recoverable. Sanitization refers to the general process of removing data from storage media, such that there is reasonable assurance, in proportion to the confidentiality of the data, that the data may not be retrieved and reconstructed.

This guide will assist organizations and system owners in making practical sanitization decisions based on the level of confidentiality of their information. It does not, and cannot, specifically address all known types of media; however, the described sanitization decision process can be applied universally.

---
The SP 800-88 document was created by the National Institute of Standards and Technology and is public domain (not subject to copyright).


NIST Special Publication # 800-88


Translate to: French German Italian Spanish Portuguese GTM_LAN_DUTCH Russian Chinese Arabic Korean English
Google Ads




Headlines

»NCCoE Speaker Series March 2015
»New NIST Tools to Help Boost Wireless Channel Frequencies and Capacity
»NIST Announces Pilot Grants Competition to Improve Security and Privacy of Online Identity Verification Systems
»Vendors Sought to Develop Model System to Monitor Security of Energy Industry Networked Control Systems
»NIST Releases Update of Industrial Control Systems Security Guide for Final Public Review
»Cybersecurity Summit Technical Workshop
»NIST Forensic Science Standards Committees to Hold First Public Meetings in February 2015
»NIST Security Guide Walks Organizations Through the Mobile App Security Vetting Process
»Open-Source Software for Quantum Information
»NIST Requests Round Two Comments on its Cryptographic Standards Process
»Symposium to Focus on Future of Voting Systems
»NIST Meeting: Cybersecurity Is a Key Ingredient In the Manufacturing Mix
»Future of Voting Systems Symposium II
»Global City Teams Challenge Tech Jam
»NIST Announces Initial Members of Forensic Science Digital Evidence Subcommittee


Date published: not known
Details

»FREAK SSL/TLS Vulnerability
Original release date: March 06, 2015 FREAK (Factoring Attack on RSA-EXPORT Keys CVE-2015-020 ...
»Guidance for Defending Against Destructive Malware
Original release date: March 03, 2015 | Last revised: March 04, 2015 The Information Assuranc ...
»FTC Details the Top 10 Imposter Scams of 2014
Original release date: March 02, 2015 The Federal Trade Commission (FTC) has released an advi ...
»Cisco IPv6 Denial of Service Vulnerability
Original release date: February 25, 2015 Cisco has identified a vulnerability that could allo ...
»Samba Remote Code Execution Vulnerability
Original release date: February 24, 2015 Linux and Unix based operating systems employing Sam ...
»Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
Original release date: February 24, 2015 The Mozilla Foundation has released security updates ...
»Lenovo Computers Vulnerable to HTTPS Spoofing
Original release date: February 20, 2015 | Last revised: March 04, 2015 Lenovo consumer perso ...
»IRS Issues Warning for a Scam Targeting Tax Preparers
Original release date: February 18, 2015 The Internal Revenue Service (IRS) has issued a pres ...
»ISC Releases Security Updates for BIND
Original release date: February 18, 2015 The Internet Systems Consortium (ISC) has released s ...
»Microsoft Releases February 2015 Security Bulletin
Original release date: February 10, 2015 Microsoft has released updates to address vulnerabil ...


Date published: not known
Details

»Virus Bulletin seeks hackers, network researchers for VB2015
One week left to submit an abstract for the 25th Virus Bulletin conference. A few weeks ago, I made ...
»Canadian firm fined $1.1m for breaching anti-spam law
First success story for long-awaited CASL. The Canadian Radio-television and Telecommunications Comm ...
»VB2014 paper: Leaving our ZIP undone: how to abuse ZIP to deliver malware apps
Gregory Panakkal explains that there are different ways of looking at APK files - and that sometimes ...
»FREAK attack takes HTTPS connections back to 1990s security
Golden keys from the (first) crypto wars have come back to haunt us. When a web client makes a secur ...
»Paper: Script in a lossy stream
Dénes Óvári explains how to store code in lossily compressed JPEG data. Malformed PDF ...
»TorrentLocker spam has DMARC enabled
Use of email authentication technique unlikely to bring any advantage. Last week, Trend Micro resear ...
»VB2014 paper: Caphaw - the advanced persistent pluginer
Micky Pun and Neo Tan analyse the banking trojan that is best known for spreading through Skype. Sin ...
»M3AAWG releases BCP document on dealing with child sexual abuse material
Subject may make many feel uncomfortable, but it is essential that we know how to deal with it. The ...
»Hacker group takes over Lenovo's DNS
As emails were sent to wrong servers, DNSSEC might be worth looking into. Although, after some initi ...


Date published: not known
Details

»Scope Of FREAK Flaw Widens As Microsoft Says Windows Affected Too
Researchers had originally thought only Safari and Android affected by flaw.
»Does Hollywood Have The Answer To The Security Skills Question?
The Oscar-winning biopic about famed WWII cryptanalyst Alan Turing -- the father of modern computing ...
»Efforts To Team Up And Fight Off Hackers Intensify
New intelligence-sharing groups/ISACs emerge, software tools arrive and the White House adds a coord ...
»Anthem Refuses To Let Inspector General Conduct Full Security Audit
Security industry has mixed reactions.
»New Model Uses 'Malicious Language Of The Internet' To Find Threats Fast
OpenDNS's new NLPRank tool may identify malicious domains before they are even put to nefarious use. ...
»Which Apps Should You Secure First? Wrong Question.
Instead, develop security instrumentation capability and stop wasting time on '4 terrible tactics' t ...
»How Secure Are You?
The NIST Cybersecurity Framework can help you understand your risks.
»North Korean Government Not Likely Behind Malware On Nation's Official News Site
Contrary to initial assumptions of North Korean government involvement, watering hole attack appears ...
»Apple Pay Fraud Gives Us A New Reason To Hate Data Breaches And SSNs
There may already be millions of dollars in losses, but you can't blame Apple for this one.


Date published: Fri, 06 Mar 2015 20:09:55 EST
Details
Main Menu
· Home
Current Security News
 
SANS Internet Storm Center, InfoCON: green

» Infocon: green

» Cryptowall ,again!, (Fri, Mar 6th)
[06 Mar 2015 04:23am]

» ISC StormCast for Friday, March 6th 2015 http://isc.sans.edu/podcastdetail.html?id=4385, (Fri, Mar 6th)
[05 Mar 2015 08:35pm]

» XML: A New Vector For An Old Trick, (Thu, Mar 5th)
[05 Mar 2015 11:53am]

» Cuckoo Sandbox 1.2 released http://cuckoosandbox.org/2015-03-04-cuckoo-sandbox-12.html, (Thu, Mar 5th)
[05 Mar 2015 10:01am]

» Anybody Doing Anything About ANY Queries?, (Thu, Mar 5th)
[05 Mar 2015 09:26am]

» ISC StormCast for Thursday, March 5th 2015 http://isc.sans.edu/podcastdetail.html?id=4383, (Thu, Mar 5th)
[04 Mar 2015 07:48pm]

» Putty 0.64 released last week (sorry, we missed it) - private-key-not-wiped-2 and diffie-hellman-range-check security issues resolved. See http://www.chiark.greenend.org.uk/~sgtatham/putty/ and http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.ht, (Wed, Mar 4th)
[04 Mar 2015 03:42pm]

» Wireshark 1.10.13 (old stable) and 1.12.4 (stable) released - see https://www.wireshark.org/download.html and https://www.wireshark.org/docs/relnotes/, (Wed, Mar 4th)
[04 Mar 2015 03:39pm]

» March OUCH! Newsletter: Gaming Online Safely & Securely http://www.securingthehuman.org/ouch, (Wed, Mar 4th)
[04 Mar 2015 07:55am]

» No Wireshark? No TCPDump? No Problem!, (Wed, Mar 4th)
[04 Mar 2015 07:16am]

***
CNET News.com

» Microsoft defends opening Hotmail account of blogger in espionage case
[20 Mar 2014 06:47pm]

» Syria's Internet goes dark for several hours
[20 Mar 2014 04:25pm]

» Symantec fires CEO Steve Bennett
[20 Mar 2014 03:07pm]

» Microsoft sniffed blogger's Hotmail account to trace leak
[20 Mar 2014 01:28pm]

» Microsoft sniffed private Hotmail account to trace trade secret leak
[20 Mar 2014 01:28pm]

» IBM's new services zero in on fraud, financial crime
[20 Mar 2014 07:31am]

» Despite assault on privacy, Page sees value in online openness
[19 Mar 2014 08:00pm]

» Hackers transform EA Web page into Apple ID phishing scheme
[19 Mar 2014 05:21pm]

» NSA top lawyer says tech giants knew about data collection
[19 Mar 2014 02:57pm]

» Microsoft touts study showing the cost of pirated software
[19 Mar 2014 06:55am]

» Microsoft touts study showing cost of malware in pirated software
[19 Mar 2014 06:55am]

» How to spy on your lover, the smartphone way
[18 Mar 2014 01:24pm]

» Mt. Gox update lets users see their Bitcoin balances
[18 Mar 2014 06:38am]

» Fake Malaysia Airlines links spread malware
[17 Mar 2014 05:12pm]

» IBM: No, we did not help NSA spy on customers
[17 Mar 2014 01:15pm]

***

***



***


More IT Security
News Feeds
More Sponsors

Advertise on this site
RSS Feeds
Our news can be syndicated by using these rss feeds.
rss1.0
rss2.0
rdf
Symantec News

NIST.org is in no way connected to the U.S. government site NIST.gov

This site is © John Herron, CISSP. All Rights Reserved.

Please visit daily to stay up to date on all your IT Security compliance issues.

http://www.nist.org -
Hosted by BlueHost. We've never had a better hosting company.
{THEMEDISCLAIMER}