top of page

NIST Guide to Media Sanitization

NIST Special Publication 800-88 sets standards for media sanitization. The concept addresses controlling access to sensitive information. Organizations have to ensure that data cannot be reconstructed from residual data. For a given category of confidentiality, it must not be feasible to retrieve the data for a commensurate level of effort.


1. Information unintentionally stored in media should be accounted for.

2. Media sanitization usually happens when ESI is disposed of.

3. Senior management must be responsible for media sanitization.

4. Different media stora devices should be assigned different levels of confidenetiality.



5. There are three methods of media sanitization:

a. Clear - overwrite data with non-sensitive information.

b. Purge - block erase and cryptographic erase will make it infeasible to recover data.

c. Destroy- the data is physically destroyed through incineration or other techniques.


Appendix A to this NIST guide specifies how different types of media should be sanitized. For example, network routers should be reset to default settings to be cleared; only certain routers have purge capabilities such as block erasing; destroying a router requires a licensed incinerator.





Sean O'Shea has more than 20 years of experience in the litigation support field with major law firms in New York and San Francisco.   He is an ACEDS Certified eDiscovery Specialist and a Relativity Certified Administrator.

The views expressed in this blog are those of the owner and do not reflect the views or opinions of the owner’s employer.

If you have a question or comment about this blog, please make a submission using the form to the right. 

Your details were sent successfully!

© 2015 by Sean O'Shea . Proudly created with Wix.com

bottom of page