• Skip to primary navigation
  • Skip to main content
  • Skip to footer
  • Metals
    • Precious Metals
    • Copper Alloys
      • Bronze & Brass
      • Master Alloys
  • ITAD
    • What is ITAD?
    • IT Inventory Services
    • ITAD Programs
      • Data Center Services
      • On-Site ITAD Services
      • Box Program
      • ITAD Processing Facilities
    • IT Asset Recycling
    • IT Asset Remarketing
    • Secure Data Destruction
      • Secure Data Wiping
      • Shredding and Crushing
      • Degaussing
      • FIREMELT™
    • Reporting
  • Secure Destruction
  • About
    • Why work with Sipi?
    • Certifications
    • Leadership
    • Coverage Map
    • Our Markets
    • Careers
    • ITAD White Papers and Case Studies
    • News
    • Events
  • Blog
  • Contact
    • Locations
  • Español

Sipi

blog

Home / Blog / The Efficiencies of NIST-Compliant Data Sanitization

The Efficiencies of NIST-Compliant Data Sanitization

More isn’t always better, and that can apply to how your company securely disposes of end-of-life data bearing IT assets. This is particularly relevant in reference to how the data is wiped, i.e., sanitized. A little bit of history can explain why the best solution for most companies today has changed.

It’s very likely you’ve heard of “DoD wipe” or the “DoD standard,” which generally refers to the Department of Defense (DoD) 5220.22-M, which specifies a process overwriting hard drives with patterns of ones and zeros. The process requires three secure overwriting passes and a verification at the end of the final pass. For many years, this was used as the gold standard for data sanitization.

Multiple passes were the standard.

In those days, the common mantra was that multiple passes were required for an effective data wipe. This originated — at least in part — due to a study in 1996 that was published by Peter Gutmann. He suggested that data needs to be wiped 30 times or more to be considered irrecoverable. Indeed, as WhiteCanyon points out, hard disk drives built in the late 90’s and very early 2000’s could show what are called “bit shadows” remaining after a data wipe. These are locations on the wiped drive that could potentially reveal what was written in that location.

What is the NIST?
images (1)

The DoD standard has remained very much alive throughout the years and is still used to this day. However, emerging technology demands a better data wiping solution, especially as companies seek to maximize value from their disposition efforts. This is where NIST comes in.

NIST, also known as the National Institute of Standards and Technology, established the 800-88r1 “Guidelines for Media Sanitization” for this purpose. In fact, the standards outlined by NIST have been adopted by the Department of Defense themselves.

Why is NIST such an efficient solution?

The NIST Guidelines outline a clear approach of sanitization for every device type, segmented by three overarching levels of procedure: Clear, Purge, and Destroy. Generally, the Clear step of the guidelines advises a data wipe with a minimum of one overwrite pass — as contrasted with a minimum requirement of multiple passes. (Of course, this depends on the device, and the 800-88 Guidelines cover devices ranging from non-magnetic media to mobile devices as well.)

So, why does the age-old cliché of “more is better” not hold true in this case?

Better technology means only one wipe is usually required: Technicians from Sipi Asset Recovery explain that, years ago, the magnetic head in hard disk drives were simply not as precise or accurate — nowhere near the precision of HDDs today. Therefore, the wiping process itself is that much more precise — meaning one overwrite pass is enough to sanitize most modern drives where this procedure is applicable.

NIST saves time: Time is money, and a single overwrite pass will indeed save time as well. Our technicians estimate that, in real-world scenarios, DoD wipes can take up to 4 times as long to complete compared to a NIST-compliant single pass wipe; e.g., 40 hours vs. 10 hours.

NIST is better for the environment: As the time required to sanitize drives is shorter, wiping hard drives per the NIST standard saves energy and electricity and is thus more ecologically conservative.

In the end, all current methodologies can satisfy most requirements. What is important is “choice.” Specifically that companies have a choice for data sanitization, and may employ the method that is most optimal for any element of cost, efficiency, data security or supply-chain considerations. Sipi Asset Recovery offers a true “portfolio” of choices in Data Destruction methods. Reach out to us to learn more.

Want to learn more? Let us know.

How can Sipi help you? We’re ready to listen

Footer

Sipi Metals Corp.
1720 N. Elston Avenue
Chicago, Illinois 60642-1579
(800) 621-8013
(773) 276-0070
sales@sipi-metals.com
hr@sipi-metals.com for Recruiting, Legal
or Human Resource Questions

Sipi Asset Recovery
1300 W.N. Thorndale Avenue
Elk Grove Village, Illinois 60007
(847) 750-9350
sales@sipiAR.com

    

© 2022 SIPI METALS CORP  /  PRIVACY POLICY

HOME

ABOUT

CERTIFICATIONS

RESOURCES

COMMUNITY

CAREERS

CONTACT US

PRECIOUS METALS

COPPER ALLOYS

IT ASSET DISPOSITION

SECURE DESTRUCTION

NEWS

ITAD BLOG

COMPANY HISTORY

Sipi Corp Logo

  • Español

CONTACT US

"*" indicates required fields

Name*
Sipi Asset Recovery values your trust - data security is in the heart of what we do. By clicking below, you are providing consent for Sipi to securely store your data so we can respond to your request. For more information on how we protect your data, see our Privacy Policy. We look forward to getting in touch!
Sipi Asset Recovery values your trust - data security is in the heart of what we do. By clicking below, you are providing consent for Sipi to securely store your data so we can respond to your request. For more information on how we protect your data, see our Privacy Policy. We look forward to getting in touch!
This field is for validation purposes and should be left unchanged.

"*" indicates required fields

Name*
Hidden
GDPR Agreement*
This field is for validation purposes and should be left unchanged.

"*" indicates required fields

Name*
GDPR Agreement*
This field is for validation purposes and should be left unchanged.

"*" indicates required fields

Name*
Hidden
GDPR Agreement*
This field is for validation purposes and should be left unchanged.