Data Destruction Standards

What NIST 800-88 actually requires — and why it matters for your compliance.

What is NIST 800-88?

NIST Special Publication 800-88 Revision 1, published by the National Institute of Standards and Technology, is the federal guideline for media sanitization. It defines how organizations should destroy data on storage devices before those devices are reused, transferred, or disposed of. It's the standard referenced by HIPAA, GLBA, PCI DSS, and most state-level data protection laws.

When your auditor asks "how was the data destroyed?" — NIST 800-88 is the answer they're looking for.

The Three Sanitization Levels

NIST 800-88 defines three levels of media sanitization, each appropriate for different risk profiles and device dispositions.

NIST Clear

What it does

Overwrites data using standard read/write commands. Typically a single or multi-pass overwrite across all addressable storage locations.

When it's used

Devices staying within your organization. For example, a workstation being reassigned to a different department.

Appropriate for

Internal reuse, low-sensitivity data, devices that will remain under organizational control.

NIST Purge

What it does

Applies techniques that make data unrecoverable even with state-of-the-art laboratory methods. For magnetic drives, this includes advanced overwrite patterns or degaussing. For SSDs and flash media, this means cryptographic erase.

When it's used

Devices leaving your organization — being remarketed, donated, returned from lease, or transferred to a third party. This is the standard we apply on the vast majority of ITAD engagements.

Appropriate for

Any device that will leave organizational control. Regulated data (PHI, PII, financial records). Most compliance requirements.

NIST Destroy

What it does

Physically renders the storage media unusable. Methods include shredding, crushing, disintegration, and incineration.

When it's used

Devices that fail software-based sanitization verification. Devices containing the highest-sensitivity data where policy requires physical destruction regardless of wipe success.

Appropriate for

Failed drives, classified data, organizational policies requiring physical destruction, drives where verification is not possible.

Why SSDs Are Different

Traditional hard disk drives (HDDs) store data on magnetic platters. Overwriting every sector is straightforward — the write head passes over every location, and verification confirms the data is gone.

Solid-state drives don't work that way. SSDs use flash memory managed by an internal controller that distributes writes across cells to extend the drive's lifespan — a process called wear leveling. SSDs also maintain over-provisioned space (extra capacity not visible to the operating system) and may retain data in hidden reserves even after a full overwrite.

This means a traditional multi-pass overwrite can miss data on an SSD. The overwrite command goes to the controller, which writes to the cells it chooses — not necessarily the cells that held your sensitive data.

The solution is cryptographic erase. Modern SSDs encrypt all data by default using a key stored in the drive's firmware. Cryptographic erase destroys that key, making the entire contents of the drive — including data in wear-leveled cells, over-provisioned space, and hidden reserves — permanently unreadable. This is the NIST Purge method for flash-based media, and it's what we use on every SSD and NVMe drive we process.

For SSDs that don't support cryptographic erase (older or budget models), we escalate to NIST Destroy — physical destruction.
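The following is an added illustration, not code from the original page or from the ITAD provider it describes. It models a toy flash translation layer (the ToySSD class, its page size, the 4-logical/8-physical geometry and the HMAC-based keystream standing in for the drive's real cipher are all constructed assumptions) so the two claims above can be checked directly: a host-side overwrite of every logical address leaves the old copy in a stale physical page that the host can no longer see, while replacing the media encryption key leaves every physical page, stale or not, unreadable.

```python
"""Toy SSD model: logical overwrite vs. cryptographic erase.

Added example, not code from the page. ToySSD, PAGE, SECRET and the
keystream construction are simplifications built for this illustration;
real controllers, wear-leveling policies and cipher modes are far richer.
"""
import hashlib
import hmac
import os

PAGE = 16                       # bytes per flash page in the toy model (constructed)
SECRET = b"PATIENT-ID:00042"    # constructed sample of sensitive data, exactly PAGE bytes


def _keystream(key: bytes, phys: int, n: int) -> bytes:
    """Per-physical-page keystream derived from the media key. A toy stand-in
    for the drive's AES-XTS; it shows the key-dependence, it is not a real mode."""
    out, counter = b"", 0
    while len(out) < n:
        msg = phys.to_bytes(4, "big") + counter.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return out[:n]


class ToySSD:
    """Writes never update a physical page in place: the controller picks a fresh
    page (wear leveling) and marks the old one stale. Stale pages keep their bytes
    until garbage collection, which this toy deliberately never runs."""

    def __init__(self, logical_pages: int, physical_pages: int, encrypted: bool = True):
        if physical_pages <= logical_pages:
            raise ValueError("over-provisioning needs more physical than logical pages")
        self.logical_pages = logical_pages
        self.cells = [bytes(PAGE)] * physical_pages   # raw flash contents
        self.map = {}                                  # logical page -> physical page
        self.free = list(range(physical_pages))
        self.stale = set()
        self.key = os.urandom(32) if encrypted else None   # media encryption key

    def _xor_key(self, phys: int, data: bytes) -> bytes:
        if self.key is None:                           # unencrypted drive: plaintext on flash
            return data
        return bytes(a ^ b for a, b in zip(data, _keystream(self.key, phys, len(data))))

    def write(self, lpn: int, data: bytes) -> None:
        if not 0 <= lpn < self.logical_pages:
            raise IndexError("logical page out of range")
        if not self.free:
            raise RuntimeError("toy model has no garbage collection; out of free pages")
        data = data.ljust(PAGE, b"\0")[:PAGE]
        phys = self.free.pop(0)
        self.cells[phys] = self._xor_key(phys, data)
        if lpn in self.map:
            self.stale.add(self.map[lpn])              # old copy stays behind in flash
        self.map[lpn] = phys

    def read(self, lpn: int) -> bytes:
        """What the host, and a host-side read-back verifier, can see."""
        phys = self.map.get(lpn)
        return bytes(PAGE) if phys is None else self._xor_key(phys, self.cells[phys])

    def residue(self, needle: bytes) -> list:
        """Physical pages that still yield `needle` under the drive's current key:
        the residual-risk view, i.e. what stale and over-provisioned cells hold."""
        return [p for p, raw in enumerate(self.cells) if needle in self._xor_key(p, raw)]

    def crypto_erase(self) -> None:
        if self.key is None:
            raise RuntimeError("no media key: crypto erase unsupported, escalate to Destroy")
        self.key = os.urandom(32)   # old key gone; every old page is now unreadable ciphertext


def overwrite_demo():
    """Overwrite every logical page of an unencrypted toy SSD with zeros.
    Returns (host_view_clean, physical_pages_still_holding_SECRET)."""
    ssd = ToySSD(logical_pages=4, physical_pages=8, encrypted=False)
    ssd.write(0, SECRET)
    for lpn in range(ssd.logical_pages):
        ssd.write(lpn, bytes(PAGE))
    host_clean = all(ssd.read(l) == bytes(PAGE) for l in range(ssd.logical_pages))
    return host_clean, ssd.residue(SECRET)


def crypto_erase_demo():
    """Returns (pages holding SECRET before crypto erase, pages holding it after)."""
    ssd = ToySSD(logical_pages=4, physical_pages=8, encrypted=True)
    ssd.write(0, SECRET)
    before = ssd.residue(SECRET)
    ssd.crypto_erase()
    return before, ssd.residue(SECRET)


if __name__ == "__main__":
    print("overwrite: host view clean =", overwrite_demo()[0], "residue pages =", overwrite_demo()[1])
    print("crypto erase: residue before/after =", crypto_erase_demo())
```

The overwrite run reports a clean host view while physical page 0 still holds the secret, which is exactly the gap a host-side read-back cannot detect; the crypto-erase run shows the same physical page going from recoverable to unrecoverable without a single cell being rewritten.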

Verification

Destruction without verification is just a promise. Our process includes:

For software-based sanitization (Clear and Purge):

Full read-back verification after every wipe. The software reads the entire drive surface and confirms that no recoverable data patterns remain. Each device receives a pass/fail result logged by serial number. Failed devices are immediately escalated to physical destruction.

For physical destruction (Destroy):

Visual and physical inspection confirming the media is destroyed beyond any possibility of reconstruction. Photographic documentation of destroyed media.

Every device — pass or fail — is documented on your Certificate of Destruction by serial number. There are no gaps in the record.
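As an added example (not the provider's tooling), the read-back verification step above can be expressed as a streaming check over the sanitized device: for an overwrite-based wipe, every byte read back must equal the fill value; for a cryptographic erase, a known marker written before the erase must no longer be readable afterwards. The serial numbers, image sizes and marker bytes below are constructed sample values, and the device is stood in for by an in-memory image so the code runs offline.

```python
"""Post-sanitization read-back verification with a per-serial record.

Added example, not the page's own process code. Serials, sizes and markers
are constructed; `dev` is any binary file-like object (a real device node
opened read-only would do), here an in-memory image.
"""
import io
from datetime import datetime, timezone

CHUNK = 1 << 20   # read 1 MiB at a time so the check streams over any drive size


def verify_fill(dev, fill_byte: int = 0x00, chunk_size: int = CHUNK):
    """Overwrite (Clear/Purge) check: every byte must equal fill_byte.
    Returns (passed, first_mismatch_offset_or_None)."""
    clean = bytes([fill_byte]) * chunk_size
    offset = 0
    while True:
        chunk = dev.read(chunk_size)
        if not chunk:
            return True, None
        if chunk != clean[:len(chunk)]:              # fast path: whole chunk compare
            for i, b in enumerate(chunk):            # slow path: locate the first residual byte
                if b != fill_byte:
                    return False, offset + i
        offset += len(chunk)


def verify_marker_absent(dev, marker: bytes, chunk_size: int = CHUNK):
    """Crypto-erase check: a marker written before the erase must not be readable after.
    Keeps a tail of len(marker)-1 bytes so a marker straddling two chunks is still caught.
    Returns (passed, marker_offset_or_None)."""
    tail, offset = b"", 0
    while True:
        chunk = dev.read(chunk_size)
        if not chunk:
            return True, None
        window = tail + chunk
        idx = window.find(marker)
        if idx != -1:
            return False, offset - len(tail) + idx
        tail = window[-(len(marker) - 1):] if len(marker) > 1 else b""
        offset += len(chunk)


def verification_record(serial: str, method: str, dev, marker: bytes = None) -> dict:
    """One line of the per-device log: pass/fail by serial, plus the escalation decision
    the page describes (failed software sanitization goes to physical destruction)."""
    if marker is None:
        passed, where = verify_fill(dev)
    else:
        passed, where = verify_marker_absent(dev, marker)
    return {
        "serial": serial,
        "method": method,
        "verified_at": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "result": "PASS" if passed else "FAIL",
        "first_residual_offset": where,
        "disposition": "release" if passed else "escalate to NIST Destroy",
    }


def constructed_image(size: int, residue_at: int = None, residue: bytes = b"") -> io.BytesIO:
    """Builds a zero-filled stand-in for a wiped device, optionally with leftover bytes."""
    buf = bytearray(size)
    if residue_at is not None:
        buf[residue_at:residue_at + len(residue)] = residue
    return io.BytesIO(bytes(buf))


if __name__ == "__main__":
    print(verification_record("SN-CONSTRUCTED-0001", "NIST Clear",
                              constructed_image(4 << 20)))
    print(verification_record("SN-CONSTRUCTED-0002", "NIST Clear",
                              constructed_image(4 << 20, 3_000_000, b"residual-phi")))
    print(verification_record("SN-CONSTRUCTED-0003", "NIST Purge (crypto erase)",
                              constructed_image(2 << 20, 1_048_570, b"MARKER-PRE-ERASE"),
                              marker=b"MARKER-PRE-ERASE"))
```

The marker check deliberately places its sample residue across a chunk boundary, because a naive per-chunk search would miss it and report a false pass; the fill check compares whole chunks first and only scans byte by byte once a chunk has already failed, so a clean drive costs one comparison per megabyte.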

What This Means For Your Audit

When a HIPAA auditor asks about your data disposal practices, they want to see three things:

1. A defined standard — you followed NIST 800-88 Rev. 1, not some improvised process.
2. Per-device documentation — every drive accounted for by serial number with method, date, and result.
3. Chain of custody — a documented trail from the moment the device left your control to its final disposition.

That's exactly what our documentation package delivers. The Certificate of Destruction, Chain of Custody form, and Final Disposition Report are structured to answer these questions before the auditor asks them.