+34 930 223 465

NIST 800-88: Information deletion strategies

The NIST 800-88 guide is an industry standard for the secure deletion of electronic information, establishing a framework to ensure that sensitive data is deleted in a way that prevents unauthorised recovery.

Key Principles of NIST Guide 800-88

Information categorization

  • Definition and scope: This guide emphasises the importance of categorizing information according to its level of confidentiality and the impact that its unauthorised disclosure could have.
  • Implementation: Organizations should evaluate and classify their data to determine the most appropriate erasure method, whether through wiping, purging, or physically destroying the media.

Secure Erasure Methods

  • Cleaning: Intended to protect information against standard data recovery techniques, applicable to media that will be reused internally.
  • Purge: Provides protection against more advanced data recovery techniques, recommended for media that will change control or be discarded.
  • Physical destruction: Ensures that the media is completely unusable and irreparable, indicated for when the media cannot be purged.

Verification, Documentation and Compliance

Deletion Verification

  • NIST 800-88 recommends verifying the effectiveness of secure erasure to ensure that the data has been properly deleted and is not recoverable.
  • This includes performing audits and sample tests to validate that deletion methods have been implemented correctly.

Process documentation

  • The guide highlights the importance of meticulously documenting secure erasure processes, including the methods used, the date of erasure, and verification of the effectiveness of the process.
  • This documentation is crucial to demonstrate compliance with internal policies and external regulations on information protection.

Compliance and Continuous Improvement

  • Adhering to NIST 800-88 helps organizations comply with best practices and regulatory standards for information protection.
  • Regularly reviewing erasure processes and updating policies based on technological advances and regulatory changes are critical to continuous improvement of information security.

Related Blancco Products

Blancco Drive Eraser

Blancco File Eraser

Blancco Virtual Machine Eraser

Blancco Lun Eraser

Blancco Mobile Eraser

Blancco Removable Media Eraser

Other Secure Erasure Compliance Guides

  • · National Security Scheme (ENS)
  • · ISO/IEC 27040:2015: Information Storage Security
  • · General Data Protection Regulation (GDPR)
  • · National Institute of Standards and Technology (NIST 800-88)
  • · Payment Card Industry Data Security Standard (PCI DSS)