Updated: 22 June 2026 by Jetico Technical Support
The NIST SP 800-88 Guidelines for Media Sanitization provide instructions to organizations on how to effectively sanitize hard drives and other electronic media. Released by the National Institute of Standards and Technology, the guidelines are widely followed by the U.S. government and private companies.
Here we will provide an overview of NIST SP 800-88 and the concept of media sanitization. We will then take a closer look at NIST’s 3 ways of dealing with end-of-life data, and finally explain why verifying your sanitization results is essential to following the guidelines.

NIST SP 800-88 Guidelines in a Nutshell
- When?
The NIST SP 800-88 Guidelines for Media Sanitization were first published in 2006 and updated to Revision 1 (Rev 1) in December 2014. In September 2025, NIST published Revision 2 (Rev 2), which replaced Rev 1 and is now the current version.
- What?
The NIST publication is a U.S. government document that provides guidance on how to securely sanitize information storage media. In practice, this means ensuring that data cannot be recovered using a level of effort and resources commensurate with its sensitivity. For example, data sanitized with the ‘Clear’ method should resist simple software recovery tools, while data sanitized with ‘Purge’ or ‘Destroy’ methods should be irrecoverable even with advanced, state-of-the-art laboratory techniques.
- Who?
The NIST SP 800-88 Guidelines for Media Sanitization were originally meant for government use, but are now commonly implemented by many private companies and organizations. While it’s not compulsory to comply with the guidelines, it’s advisable for companies to adopt them in order to ensure their sensitive data is unrecoverable.
What Is Media Sanitization?
Media sanitization is the process of removing access to data stored on information storage media in a way that ensures it cannot be easily retrieved by third parties. After correctly sanitizing a device, the data that has been removed should be unrecoverable even with the assistance of advanced forensic tools.
Proper sanitization goes far beyond simply deleting files. When you delete a file, the operating system typically just removes the pointer to that data, leaving the actual data on the drive until it is overwritten by new information. This leftover data is known as ‘data remanence.’ Sanitization is the process of deliberately targeting and eliminating this data remanence, including data in hidden areas of the drive like unallocated space or bad sectors, to ensure it cannot be recovered.
When Is Media Sanitization Necessary?
Media sanitization is necessary whenever a storage device leaves your control or changes hands, not only when it reaches end of life. Each of these moments is a point where data can leak if the media isn’t sanitized first.
- Resale, Donation or Recycling – Before a device leaves the organization, purge all sensitive data so the next owner can’t read it.
- Employee Offboarding – When someone leaves, sanitize their computer, phone and other devices before reassigning them.
- Moving Between Security Levels – When a device moves from a high-security environment to a lower one, sanitize it first to prevent data spillage.
- Returning Leased Equipment – Sanitize leased hardware before you return it to the vendor, as your contract and security policy usually require.
NIST’s 3 Sanitization Methods: Clear, Purge, Destroy
The NIST SP 800-88 Guidelines for Media Sanitization recommend that you remove your data in one of 3 ways: Clearing, Purging, or Destroying.
Clear – Overwriting User-Accessible Storage
Clearing is a sanitization method that involves using software or hardware products to overwrite all user-addressable storage space. The goal of clearing is to replace written data and potentially sensitive information with random data.
Clearing can be applied by using the standard Read and Write commands on your device, and can involve rewriting data with a new value or resetting the device to its factory settings. While your information most likely can’t be retrieved by basic recovery utilities, this sanitization method only provides an intermediate level of protection.
Purge – Defending Against Advanced Recovery Methods
Purging provides more comprehensive sanitization than clearing, as purging protects information against laboratory attacks that use advanced methods and tools to recover data. Purge methods can include techniques such as overwriting, block erasing, and cryptographic erasure, depending on the media type and the approved standard being followed.
Under Rev. 2, NIST does not provide detailed purge instructions for every device type. Instead, organizations should follow appropriate external standards, such as IEEE 2883, NSA/CSS specifications or another approved internal standard.
Destroy – When Hardware Cannot Be Reused
Destroying, like purging, protects data from being recovered by state-of-the-art laboratory techniques. A key difference, however, is that after destroying media the device is no longer able to store data.
There are many physical techniques for destroying media, such as disintegrating, incinerating, melting, and shredding. While destruction can be useful for hardware that cannot possibly be reused, in most cases you should consider purging your media instead. Purging not only allows you to reuse or donate your devices, it also reduces the amount of harmful electronic waste you produce.
| | Clear | Purge | Destroy |
|---|---|---|---|
| What it does | Overwrites user-accessible storage areas | Permanently removes data beyond forensic recovery | Physically damages storage media |
| Level of protection | Protection against basic recovery tools | Protection against laboratory attacks | Protection against laboratory attacks |
| Device usable after sanitization | Yes | Yes | No |
| Environmental impact | Low | Low – supports reuse and reduces electronic waste | High – generates electronic waste |
| Sanitization methods | Software-based overwriting, factory reset | Dedicated sanitize commands, cryptographic erase, and software-based purge solutions (e.g. BCWipe Total WipeOut) | Shredding, incineration, disintegration |
| Recommended for | Internal device reuse where data sensitivity is low | Secure device reuse, donation, resale, or redeployment – the preferred option in most cases | End-of-life storage media that can’t be reused or safely redeployed |
Does the Sanitization Method Depend on Media Type?
The right sanitization method depends on the type of storage media. A technique that works on one kind of drive can fail on another.
Hard disk drives (HDDs) store data magnetically on spinning platters. That data can be removed by overwriting it or by degaussing, which exposes the drive to a strong magnetic field.
Solid-state drives (SSDs) work differently. They store data in flash memory and use wear-leveling and over-provisioning to spread it across the memory chips. Because of this, a standard overwrite command can miss copies of the data in areas it never reaches. To purge an SSD properly, you need a method built for flash memory, such as cryptographic erase or a dedicated sanitize command.
This is why the method has to match the media. Degaussing an SSD, for example, will not remove the data and can damage the drive. The table below maps each common storage type to its clear, purge and destroy techniques under IEEE 2883.
| Media Type | Clear | Purge | Destroy |
|---|---|---|---|
| HDD (magnetic) | Overwrite (single pass) | Overwrite via the ATA/SCSI sanitize command, cryptographic erase on self-encrypting drives, or degaussing | Disintegrate, incinerate or melt |
| SSD (SATA/SAS flash) | Overwrite | Cryptographic erase or block erase via the drive’s sanitize command | Disintegrate to a fine particle (about 2 mm), incinerate or melt |
| Optical (CD, DVD, Blu-ray) | Not applicable | Not applicable | Disintegrate, incinerate or melt |
| Tape (magnetic, e.g. LTO) | Overwrite | Overwrite or degauss with a degausser matched to the tape’s coercivity | Disintegrate or incinerate |
What Changed in NIST SP 800-88 Rev. 2?
In September 2025, NIST published SP 800-88 Rev. 2, replacing Rev. 1 from 2014.
The main goal remains the same: make sure sanitized data can’t be recovered using reasonable effort and resources. What changed is how NIST expects organizations to manage that process.
The biggest updates include:
- More Focus on Media Sanitization Program – Rev. 2 places more emphasis on policies, roles, decision criteria, records and evidence. In practice, organizations should define who is responsible for sanitization, which methods are approved and how results are documented.
- Less Focus on Device-by-Device Instructions – Rev. 1 was often used to choose a sanitization method for a specific device. Rev. 2 takes a broader view and encourages consistency across the full media life cycle.
- Fewer Technical Details Inside the NIST Guide – Rev. 2 no longer provides detailed sanitization techniques for each media type. Storage technology changes quickly, so NIST now points organizations to external standards such as IEEE 2883, NSA/CSS policies or another standard approved by the organization.
- Continued Focus on Clear, Purge & Destroy – The 3 sanitization methods remain the same. What changes is the stronger focus on process, documentation and proof.
Building a Media Sanitization Program
A media sanitization program is the set of rules and records an organization uses to control how its media is sanitized. Under Rev. 2, building one is the main change, as NIST now expects the process to be planned and documented, not just carried out. A program usually covers four parts:
- Policy – A written policy sets the organization’s rules for sanitization, including the approved methods and standards.
- Roles & Responsibilities – The policy names who decides, who carries out the sanitization and who verifies it, for example IT staff, data owners and security officers.
- Decision Criteria – The program defines how to choose between clear, purge and destroy, based on the data’s sensitivity, the media type and whether the device will be reused.
- Records & Evidence – Every sanitization is recorded, usually with a Certificate of Sanitization for each asset, so the outcome can be proven later.
In practice, Rev. 2 does not change the basic idea of media sanitization. It changes the level of control expected around it.
Verifying & Validating Results Under the NIST SP 800-88 Guidelines
Sanitization does not end when the tool finishes running. You still need to check the result. NIST SP 800-88 Rev. 2 separates this into 2 steps: verification and validation.
Verification checks whether the sanitization technique completed as expected. For clear and logical purge methods, this usually means reviewing the tool’s completion status and checking for errors, anomalies or signs of an unhealthy drive. For physical destruction, it means inspecting the remnants and confirming which equipment was used.
Validation confirms that what you did was enough.
The two steps are easy to confuse.
Verification answers “did we do what we planned?” – the tool ran and reported success.
Validation answers “was that enough?” – the right method for the data’s sensitivity, with nothing recoverable left behind.
A process can pass verification and still fail validation, in two ways. The method may not have worked: degaussing an SSD completes as an operation, but the data stays on the drive. Or the method may have worked yet been too weak for the data: a tool can overwrite a drive and report success, but if policy requires physical destruction at that sensitivity level, the result still fails validation. Either way, the result should be rejected and a stronger method used.
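The two failure modes described above, as an added example that is not code from NIST or Jetico: a validation check that rejects a record when the technique does not work on the media type, or when it is weaker than policy requires. The technique names, the `Record` fields and the `POLICY_MIN` sensitivity mapping are assumptions made for illustration; the HDD and SSD technique sets follow the media-type table on this page.

```python
from dataclasses import dataclass

LEVELS = ["clear", "purge", "destroy"]  # weakest to strongest
# Transcribed from the page's media-type table (HDD and SSD rows); names are shorthand.
EFFECTIVE = {
    "hdd": {"clear": {"overwrite"},
            "purge": {"sanitize_overwrite", "crypto_erase", "degauss"},
            "destroy": {"disintegrate", "incinerate", "melt"}},
    "ssd": {"clear": {"overwrite"},
            "purge": {"crypto_erase", "block_erase"},
            "destroy": {"disintegrate", "incinerate", "melt"}},
}
# Assumption: a hypothetical organizational policy, not taken from NIST.
POLICY_MIN = {"low": "clear", "moderate": "purge", "high": "destroy"}

@dataclass
class Record:
    asset: str
    media: str
    technique: str
    tool_status: str  # as reported by the tool: "success" or "error"
    sensitivity: str

def verify(rec):
    """Verification: did the technique complete as planned?"""
    return rec.tool_status == "success"

def achieved_level(rec):
    """Strongest level this technique reaches on this media, else None."""
    hits = [lvl for lvl in LEVELS if rec.technique in EFFECTIVE[rec.media][lvl]]
    return hits[-1] if hits else None

def validate(rec):
    """Validation: was it enough? Returns (decision, reason)."""
    if not verify(rec):
        return ("reject", "verification failed")
    level = achieved_level(rec)
    if level is None:
        return ("reject", "technique ineffective on this media")
    required = POLICY_MIN[rec.sensitivity]
    if LEVELS.index(level) < LEVELS.index(required):
        return ("reject", f"{level} is below required {required}")
    return ("accept", level)
# Constructed sample records covering both failure modes from the text.
SAMPLES = [Record("A1", "ssd", "degauss", "success", "moderate"),
           Record("A2", "hdd", "overwrite", "success", "high"),
           Record("A3", "ssd", "crypto_erase", "success", "moderate")]
for rec in SAMPLES:
    print(rec.asset, *validate(rec))
```

Records A1 and A2 both pass `verify` yet are rejected by `validate`, which is the distinction the section draws.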
One practical change in Rev. 2 is that full or representative sampling of drive contents is no longer expected after clear or purge methods, unless your organization’s own policy requires it.
Finally, the result should be documented. NIST includes an updated Certificate of Sanitization template that records the media, sanitization method, technique, tool used, verification status, validation result and the people involved in the process.
For the full process, consult the latest NIST SP 800-88 Guidelines for Media Sanitization.
About BCWipe Total WipeOut
BCWipe Total WipeOut is a data wiping solution that securely erases entire drives beyond forensic recovery. If you are looking to follow the NIST guidelines for purging your data, BCWipe Total WipeOut makes it simple with a media sanitization solution that allows you to meet the NIST 800-88 standard in just a click. Verifying and validating your sanitization results and completing the necessary certificates can be easily done with the customizable wiping reports feature of BCWipe Total WipeOut – Enterprise Edition.
To get started with Jetico’s secure data wiping solution, begin your free trial of BCWipe Total WipeOut today.
Frequently Asked Questions (FAQs)
NIST SP 800-88 provides guidance on how to remove data from electronic media so it can’t be recovered even with forensic techniques. The guidelines help organizations reduce the risk of data leaks by defining standardized sanitization methods. Although created for U.S. government use, they are now widely adopted across many industries.
Clearing overwrites user-addressable data and protects against basic recovery attempts. Purging provides stronger sanitization using methods such as block erase or cryptographic erase and protects against advanced lab attacks. Destroying renders the media unusable through physical damage. Purging is often preferred because it preserves the device for reuse and reduces e-waste.
Verification checks whether the sanitization technique completed as expected. This process can include reviewing the tool status, checking for errors and looking for signs that the media was unhealthy or the process failed.
Validation goes one step further. It decides whether the result should be accepted or rejected based on the verification results, the sensitivity of the data and any remaining risk.
Under Rev. 2, full or representative sampling of drive contents is not expected after Clear or Purge methods, unless your organization’s own policy requires it. The focus is on checking the outcome, recording it on a Certificate of Sanitization and deciding whether the sanitization was effective.
BCWipe Total WipeOut is Jetico’s full drive wiping solution designed to meet NIST 800-88 purging standards. It overwrites all data, including hidden areas, and generates customizable reports to support verification and auditing. For organizations wiping at scale, BCWipe Total WipeOut Enterprise Edition simplifies compliance with centralized management and documentation.
Yes. NIST SP 800-88 applies to HDDs, SSDs, NVMe drives and other storage media. However, Rev. 2 no longer gives detailed sanitization instructions for every media type. For device-specific techniques, organizations should follow appropriate standards such as IEEE 2883, NSA/CSS specifications or another approved internal standard.