The U.S. government's reference standard for media sanitization, explained for people who have to actually make destruction decisions — not just buy a service.
The short version
NIST Special Publication 800-88 Revision 1 is the U.S. government's reference document for media sanitization. It defines three sanitization categories — Clear, Purge, and Destroy — and explains which one applies to which type of media under which circumstances.
If your auditor asks "how do you sanitize data?", "NIST 800-88 aligned" is the right answer. But you should know what that actually means.
The three categories, explained
Clear
Clear means using logical techniques to sanitize data in all user-addressable storage locations. In practice, this is the kind of sanitization you'd do for a device that's staying inside your organization's trust boundary — a laptop being reassigned to another employee, for example.
Examples: a single-pass overwrite of a hard drive, a factory reset on a properly-encrypted phone, or cryptographic erase on a self-encrypting drive.
Purge
Purge applies physical or logical techniques that render data recovery infeasible using state-of-the-art laboratory techniques. This is what you want for devices leaving your environment but still having resale or reuse value.
Examples: a vendor-grade firmware-level secure erase on an SSD, a multi-pass overwrite on a magnetic drive, or a degausser (for magnetic media specifically — degaussers don't work on SSDs).
Destroy
Destroy means rendering the media unable to be used for storage. This is required when:
- The media is end-of-life and has no further use
- Regulatory or contractual requirements demand physical destruction
- The cost or risk of a Purge process exceeds the value of preserving the media
Examples: shredding, disintegration, incineration, or pulverization. NIST gives specific particle-size requirements depending on media type.
The SSD problem
Solid-state drives present a unique challenge. Their internal wear-leveling and overprovisioning mean a software overwrite cannot guarantee every storage cell has been touched. NIST 800-88 specifically calls this out: cryptographic erase (where the encryption key for the encrypted-by-default drive is destroyed) is the only reliable Purge method, and physical destruction is the only reliable Destroy method.
If a vendor offers to "wipe" your SSDs without telling you which of these methods they're using, ask. The answer matters.
What a real Certificate of Destruction contains
A defensible Certificate of Destruction lists every device by:
- Manufacturer and model
- Serial number
- Asset tag (if provided)
- Method of destruction (Clear / Purge / Destroy + technique)
- Date, location, and responsible technician
- A signature from the responsible party at the destruction provider
If your "certificate" is a single page listing "47 hard drives destroyed on March 14," that's not actually defensible. Insist on a serial-level manifest.
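A serial-level manifest can be checked by machine before you file it. The sketch below is an added example, not CCRAMM's tooling: it validates a certificate CSV against the field list above and reconciles it with the serials you recorded at handoff. The column names, the optional media_type column, and the sample rows are assumptions made for illustration.

```python
import csv
import io

# Column names are assumptions for this example; asset_tag and media_type are optional.
REQUIRED = ["manufacturer", "model", "serial", "category", "technique",
            "date", "location", "technician", "signed_by"]
CATEGORIES = {"clear", "purge", "destroy"}

def validate_manifest(csv_text, expected_serials):
    """Return (serial or row reference, problem) findings for one manifest."""
    findings, seen = [], set()
    for n, raw in enumerate(csv.DictReader(io.StringIO(csv_text)), start=2):
        row = {k: (v or "").strip() for k, v in raw.items() if k}
        serial = row.get("serial", "")
        ref = serial or f"row {n}"
        missing = [f for f in REQUIRED if not row.get(f)]
        if missing:
            findings.append((ref, "missing " + ", ".join(missing)))
        category = row.get("category", "")
        if category and category.lower() not in CATEGORIES:
            findings.append((ref, f"category '{category}' is not Clear/Purge/Destroy"))
        # The SSD caveat above: an overwrite cannot be shown to reach every cell.
        if (row.get("media_type", "").lower() == "ssd"
                and "overwrite" in row.get("technique", "").lower()):
            findings.append((ref, "SSD sanitized by overwrite"))
        if serial in seen:
            findings.append((ref, "duplicate serial"))
        elif serial:
            seen.add(serial)
    # Reconcile against the serials recorded when the devices were handed over.
    for s in sorted(set(expected_serials) - seen):
        findings.append((s, "handed over but not on certificate"))
    for s in sorted(seen - set(expected_serials)):
        findings.append((s, "on certificate but never handed over"))
    return findings

# Constructed sample data, not a real certificate.
SAMPLE = """manufacturer,model,serial,asset_tag,media_type,category,technique,date,location,technician,signed_by
ExampleCo,HD-1000,SN-0001,A-17,hdd,Destroy,shredding,2024-03-14,Site A,J. Doe,R. Roe
ExampleCo,SS-200,SN-0002,,ssd,Purge,multi-pass overwrite,2024-03-14,Site A,J. Doe,R. Roe
ExampleCo,HD-1000,SN-0003,A-19,hdd,Wiped,degauss,2024-03-14,Site A,,R. Roe
ExampleCo,HD-1000,SN-0001,A-17,hdd,Destroy,shredding,2024-03-14,Site A,J. Doe,R. Roe
"""

if __name__ == "__main__":
    for ref, problem in validate_manifest(SAMPLE, {"SN-0001", "SN-0002", "SN-0003", "SN-0004"}):
        print(f"{ref}: {problem}")
```

An empty findings list means every handed-over serial appears exactly once with a complete, recognizable record; anything else is a question to put to the provider before the certificate goes into the audit file.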
How CCRAMM does it
Our destruction process is documented and serialized end to end — see our data destruction service page for details. We deliver every certificate as a signed PDF plus a machine-readable CSV that imports cleanly into asset management systems.