How To Wipe Hard Drive With NIST 800-88 Compatible Software?

Every organization needs more storage. And with that, they need better processes to secure their data when in use and wipe their data when it’s not required anymore. Data that used to be securely stored on company servers now finds its way to individual laptops and smart devices due to the increasing use of cloud-based applications.

Research by Ponemon Institute, a premier research institute out of Michigan that is dedicated to privacy and investigation of data breaches, has found that in 2021 data breaches cost businesses over $4 million on average. Further, of the one thousand CIOs interviewed, 60% had suffered data breaches due to third-party service providers.

Data sanitization is now at the top of the list of most CIOs, at par with malware intrusion. You need NIST 800-88 compliant software to ensure data does not fall into wrong hands.

What is NIST 800-88?

NIST stands for National Institute for Standards and Technology. It is a physical sciences laboratory that is run by the US Department of Commerce. Previously, NIST was known as the Bureau of Standards.

NIST 800-88 is a guideline for data sanitization published in 2006 and has become the de facto standard globally. The objective of NIST 800-88 is to render data on the targeted device irretrievable.

The guidelines issued by NIST 800-88 cover all types of storage media including floppy discs, optical discs (CD/DVD), HDD, and SSD, and use Clear, Purge and Destroy as a three-pronged approach.

Clear

Clear overwrites data with 0 and 1. It is used with HDD, SSD, and other flash-based media (USB, memory card). NIST Clear data wiping software offers moderate protection against intrusion. It allows the media to be reused without any trouble.

Purge

Purge includes logical techniques for state-of-the-art overwriting and block erasure as well as deep erasure using cryptographic means. It is used with HDD, SSD, and other flash-based media (USB, memory card).

A NIST Purge data wiping tool offers a high level of protection against intrusion. It also allows easy reuse of storage media.

Destroy

The use of physical techniques such as pulverizing, shredding, and smelting render storage media unusable. It is the most secure. Clear and Purge cannot be used with optical media but Destroy renders it non-working.

The storage media cannot be reused, but to some extent recycling of materials is possible.

NIST Compliance Requirements for Data Erasure Software

The first point to note is that NIST does not conduct any validating exercise. It only sets out the standard for data sanitization and conducts testing. NIST 800-88 compliant software has to adhere to the guidelines set out in the document.

These are the salient points of NIST 800-88 Standard:

(page 20-22 of NIST 800-88r1)

  1. Overwriting with binary 0s in a single pass is considered satisfactory.
  2. Multiple passes may be used but they significantly reduce the lifespan of media.
  3. Cryptographic erase through TCG Opal SSC or Enterprise SSC interface.
  4. Though NIST acknowledges, and research shows that some signal remains, it is too feeble to be recovered.
  5. Verifying the sanitization is essential. Full verification of every bit is impossible so sample regions have to be tested.
  6. The software has to conceptually break up the media into subsections. A sufficient number of these subsections have to be tested so as to cover the entire addressable space.
  7. At least two locations in each subsection must be verified, e.g. say the media is split into 500 subsections each 250 MB. Then two from the first 250 MB, followed by two from the second 250 MB, and so on, must be verified.
  8. Each sample location must be at least 5% of the subsection and not overlap with the other location in the same subsection. In a subsection of 250 MB, each location must be at least 12.5 MB in size and at least a total of 25 MB of that subsection must be checked.
  9. Thus, a verification must cover at least 10% of the entire space on the media.
  10. The first and last addressable location is always included in the verification.
  11. The NIST 800-88 compliant software must produce automatic documentation containing
  • Manufacturer
  • Model
  • Serial number
  • The owner assigned part number if any
  • Type of media
  • Source
  • Details of Clear and Purge operation
  • Tool used
  • Verification method
  • Name of operator
  • Designation
  • Date and time

BitRaser – Cutting Edge Data Erasure Technology

In Oct 2020, NIST formally tested BitRaser on an HDD and SSD using CFTT Suite. As expected, the outcome was most satisfactory.  If you want to prevent data leakage, then BitRaser must be the NIST 800-88 compliant software of choice.

Features of BitRaser:

  • Erases data from desktop, laptop, server mounted drives.
  • Can erase 32 drives simultaneously at high speed.
  • Works with all major drive interfaces—SATA, PATA, USB, FireWire, PCI, NVME, M.2, SCSI, etc.
  • Compliant with 24 major international standards such as NIST 800-88, DOD 5220.22, HMG IS5, and more.
  • Securely erases HPA and DCO areas of a drive.
  • Supports multiple block sizes.
  • Works over the internet and Wi-Fi.
  • Works on 32 and 64-bit machines.
  • Boots from USB to BIOS and UEFI.
  • Secure communication with AES security.
  • Allows HexViewer verification of media.
  • Offers one-click wiping.
  • Cloud-based console for report generation and storage.
  • Generates secure and tamper-proof reports.

BitRaser Data Eraser Report

Data Eraser Report

How to Deploy BitRaser?

Data cannot be deleted while the drive is operational. But booting a PC activates the drive. That is why BitRaser downloads to a USB.

  • Create Bootable Drive
  • Boot from the USB
  • Erase using the standard of preference

It is as simple as that.

In the end, BitRaser would generate a detailed data eraser report about the drive erasure.

Who should use BitRaser?

  • Enterprise
  • Small and medium businesses
  • Governments
  • ITAD and seller of refurbished devices
  • Individuals

Data Sanitization Cannot be Ignored

Whether you are an at-home developer working freelance gigs or a Fortune 500 company, there are severe repercussions to data leakage. You could be held liable for damages. Worse than that, your professional reputation would be ruined.

Therefore, before you dispose of IT assets perform a check:

  • Is it storage media (HDD, memory card) or data passive (motherboard, ROM)?
  • If it is the former, has it ever contained sensitive data (address, passwords, research details, and so on)?
  • If yes, then you have to employ robust NIST 800-88 compliant software such as BitRaser to cleanse it.

We will be glad to clarify any questions you might have about our product. Please give us a call or visit our website today.

Leave a Reply

Your email address will not be published.