Digital Media Destruction Guidelines

NIST defines media as “Physical devices or writing surfaces including, but not limited to, magnetic tapes, optical disks, magnetic disks, Large-Scale Integration (LSI) memory chips, and printouts (but not
including display media) onto which information is recorded, stored, or printed within a system.”

This page is to discuss digital media specifically, which includes hard drives, SSDs, portable storage devices, and other such devices that store data. Two controls in particular in NIST 800-171 discuss sanitization and destruction of media as necessary. To comply with these controls, one must ensure that media is sanitized or destroyed based on the guidelines provided in NIST 800-88.

 

3.7.3 Ensure equipment removed for off-site maintenance is sanitized of any data.
3.8.3 Sanitize or destroy system media containing data before disposal or release for reuse.


 

Please see below for the Guidelines for Media Sanitization and Destruction.