What NIST 800-88 Means and Why it Matters

What Does NIST 800-88 Mean?

NIST 800-88 was a set of standards published by the National Institute for Standards and Technology. These standards were set to ensure total data erasure. There are three methods of meeting the NIST 800-88 standards, which are Clear, Purge and Destroy.

The NIST 800-88 standards are the most widely used data erasure standards by the U.S. Federal government. This is because it is the only set of standards that can safely destroy Top Secret information. Because of this, private businesses and organizations have adopted it as their go-to data erasure standard as well since – good news! – it includes everything from cell phones to USB drives. This is why it is so important for you to know what it is, how it works and how to safely achieve it in your business.

Methods of Data Erasure Compliant with NIST 800-88

There are many ways to erase data that won’t work in the long term. There are sophisticated software programs that can lift sensitive data from just about anything if it hasn’t been erased in compliance with the NIST 800-88 standards. Some of these methods include:

  • Degaussing – This is essentially demagnetizing a device in an effort to damage or erase data. The reason it doesn’t work well is that technology just keeps getting better, and ways to remagnetize can be developed on old devices.
  • Overwriting – This method of data erasure is basically covering up old data with patterns so random, it will take forever to figure out how to get through it. While it is somewhat effective, it may not reach all areas of the drive and there is a small chance that someone can figure out the pattern and get through it.
  • Shredding – This is, quite literally, shredding the device. While physical destruction is a preferred method of destroying data (more on that later), shredding is the worst way to do it. This is because shredding can leave tiny bits of data, which a skilled hacker can work to recover.

Since there are so many ways to accidentally leave data behind, the three methods that the NIST 800-88 standards have set as safe include clear, purge and destroy. Performing any one of these three methods (or even a combination of them, if you are extra worried about your data) will ensure safe data erasure. If it’s good enough for the government’s Top Secret information, it must be good!

Clear

The clear method includes logical techniques to erase all the data stored in the device. This is done through Read and Write commands, which includes resetting the device to its factory settings by rewriting with a new value. Most devices these days come with Clear capabilities, especially cell phones, which is why knowing this is very important for your business.

Purge

The Purge method uses methods that basically makes it impossible for data recovery to ever happen. Think of Purge as basically the Clear method on steroids. It removes data from everywhere – including hidden drives, protected areas and more. It then requires a verification pass, making it even more protected.

What NIST 800-88 Means and Why it Matters
What NIST 800-88 Means and Why it Matters

Destroy

Destroy is a way of rendering a device so completely useless, to the point of total data destruction. You can destroy a device a variety of ways, including melting, smashing it to pieces and getting out the stress of your tough work week, throwing it into a burning fire, or whatever you feel like. While this is the most effective means of completely destroying data, it does have its downsides.

The device becomes completely useless. Obviously, if you melt or smash a device, you’re never able to use it again. That’s why this method is best reserved for devices that already have irreparable damage to it and you don’t want to put on your shelves.
There’s a negative environmental impact. When you destroy a device, it adds to the already growing number of harmful e-waste in the world. When possible, recycle your old devices and use other methods of data erasure.

Why is Data Erasure Important?

In the mobile phone industry, data erasure is one of the most important parts of the job. Many people who sell their used phones might not know how to properly erase their data. Simply deleting something off a phone won’t work, and they might not be aware of this. Selling their phone puts them and their sensitive information at risk, so as the middle-man, it is important to maintain an honest, reputable business.

Performing a NIST 800-88 standard erasure gives the seller peace of mind, as well as the buyer. When they one day decide to sell devices to you, they already know that you will do the right thing and make sure it is erased and will be a return customer. That means more positive reviews for you, giving you a better bottom line!

How to Quickly Erase Data While Being NIST 800-88 Compliant

As a used cell phone buyer and seller, you likely have a lot of inventory coming in and out of your door every single day. This is especially true if you buy cell phones wholesale. It can be difficult and time-consuming to make sure that each and every cell phone is erased to the NIST 800-88 standards.

An easy way to do this is to use PhoneCheck, which will not only erase all data according to the NIST 800-88 standards but will also check 60+ points of diagnostics within the phone. This can include screen rotation speed, microphone and speaker functionality, Bluetooth and wifi signal strength, battery life, and much more. Not only that, it will perform all of this and print out a certificate in just 2 minutes.

Let Us Know!

How do you make sure that all of your devices are erased according to the NIST 800-88 standards? Do you need to save more time on performing data erasures? Let us know in the comments, or reach out to us on social media.

Related Posts

Leave a comment