Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Guidelines for Media Sanitization

Published

Author(s)

Richard L. Kissel, Matthew A. Scholl, Steven Skolochenko, Xiang Li

Abstract

Information systems capture, process, and store information using a wide variety of media. This information is located not only on the intended storage media but also on devices used to create, process, or transmit this information. These media may require special disposition in order to mitigate the risk of unauthorized disclosure of information and to ensure its confidentiality. Efficient and effective management of information created, processed, and stored by an information technology (IT) system throughout its life, from inception through disposition, is a primary concern of an information system owner and the custodian of the data. With the more prevalent use of increasingly sophisticated encryption, an attacker wishing to gain access to an organization?s sensitive information is forced to look outside the system itself for that information. One avenue of attack is the recovery of supposedly deleted data from media. These residual data may allow unauthorized individuals to reconstruct data and thereby gain access to sensitive information. Sanitization can be used to thwart this attack by ensuring that deleted data cannot be easily recovered. When storage media are transferred, become obsolete, or are no longer usable or required by an information system, it is important to ensure that residual magnetic, optical, electrical, or other representation of data that has been deleted is not easily recoverable. Sanitization refers to the general process of removing data from storage media, such that there is reasonable assurance that the data may not be easily retrieved and reconstructed. This guide will assist organizations and system owners in making practical sanitization decisions based on the level of confidentiality of their information.
Citation
Special Publication (NIST SP) - 800-88
Report Number
800-88

Keywords

Information disposal, media disposal, media sanitization, storage security, purge, sanitization

Citation

Kissel, R. , Scholl, M. , Skolochenko, S. and Li, X. (2006), Guidelines for Media Sanitization, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=50819 (Accessed March 19, 2024)
Created September 1, 2006, Updated January 27, 2020