speakerNEW!iShredder™ Business for iOS and Android are now available for Enterprise users.Learn more

Is iShredder NIST SP 800‑88 compliant? Do you have a Self-Declaration?

This self-declaration attests that the iShredder™ software (for Android, iOS, Windows, macOS, and Windows Server) implements the guidelines set out in NIST Special Publication 800‑88 Revision 1 – Guidelines for Media Sanitization. Published by the U.S. National Institute of Standards and Technology (NIST), this document describes best practices for irretrievable data erasure (“Media Sanitization”).

NIST SP 800‑88 differentiates three security levels:

  1. Clear (logical erasure/overwriting)
  2. Purge (advanced methods, including hardware-based erase commands or cryptographic techniques)
  3. Destroy (physical destruction)

Since NIST SP 800‑88 is not a certifiable standard in the classical sense, proof of compliance is demonstrated by implementing the recommended methods and by maintaining comprehensive documentation of the erasure processes. Many organizations—from government agencies to cloud providers—adhere to these guidelines to ensure secure data disposal.
 

1. Data Classification and Choice of Erasure Method

NIST SP 800‑88 emphasizes that the choice of erasure method (Clear, Purge, or Destroy) should be based on a data classification process:

  • Clear: Sufficient for less sensitive data.
  • Purge: For data requiring protection even against advanced forensic analysis.
  • Destroy: For data that must under no circumstances be recovered and where the storage device will not be reused (physical destruction).

iShredder™ supports this process by providing all relevant methods. Administrators and responsible parties can select and document the appropriate function (Clear/Purge) based on their required security level.


2. NIST SP 800‑88 – Requirements for Data Erasure

2.1 Clear (Erasure)

  • Definition:
    A logical erasure method involving at least one overwrite pass on all user-addressable storage areas with predefined patterns (e.g., zeros or random values).
  • Goal:
    Prevent data recovery by ordinary software tools.
  • Limitations:
    In rare cases, specialized lab procedures (especially on older HDDs) may still retrieve some traces. Therefore, Clear is not always sufficient for highly sensitive data.

2.2 Purge (Secure Sanitization)

  • Definition:
    Advanced methods designed to withstand sophisticated forensic analysis. In addition to (multiple) overwrite passes, these methods may use hardware commands (Secure Erase, Sanitize) and cryptographic erasure (Crypto Erase).
  • Goal:
    Reliably remove data even from difficult-to-access areas (e.g., HPA/DCO, wear-leveling reserves on SSDs).
  • Example Procedures:
    ATA Secure Erase or Sanitize commands (Block Erase, Crypto Erase).
    Removing/disabling HPA (Host Protected Area) and DCO (Device Configuration Overlay).
    Cryptographic erasure by eliminating the encryption key (self-encrypting drives, iOS devices with a Secure Enclave, etc.).

2.3 Destroy (Physical Destruction)

  • Definition:
    Physical destruction (e.g., shredding, pulverizing, burning) that makes data recovery practically impossible.
  • Application:
    Recommended when storage media will not be reused or is severely damaged, rendering software-based methods (Clear/Purge) ineffective.


3. Implementation in iShredder™

iShredder™ is designed to enable Clear and Purge erasure methods in various platform environments (Android, iOS, Windows, macOS, Windows Server) according to NIST SP 800‑88. The software additionally supports automated verification and generates detailed erasure reports.

3.1 Clear Methods in iShredder™

  • Single Overwrite:
    iShredder™ overwrites all logical sectors of the storage device by default with a fixed or random pattern (e.g., 0x00, 0xFF, or random bytes).
  • Verification:
    After overwriting, either a spot-check (partial) or a full verify (complete) readback of the overwritten sectors may be performed to ensure that all areas have been correctly overwritten.
  • Documentation:
    For each erasure process, iShredder™ creates an erasure log, which includes:
    - Date and time
    - Responsible operator
    - Device or drive details (serial number, model)
    - Overwrite pattern used
    - Verification results (number of sectors read, any errors)

This meets the NIST requirements for Clear.
 

3.2 Purge Methods in iShredder™

Purge shares some techniques with Clear but includes additional hardware-based or cryptographic erasure options to thwart advanced forensic recovery attempts:

Hardware Commands:
ATA Secure Erase or Sanitize (Overwrite EXT, Block Erase, Crypto Erase) for compatible HDDs/SSDs.
Disabling/removing HPA and DCO so that no hidden sectors remain untouched.
Depending on the device: Executing native manufacturer resets to instruct the internal storage controller to erase all flash blocks or cache areas.

Cryptographic Erasure (Crypto Erase):
For self-encrypting drives (SEDs) or iOS devices (Secure Enclave), iShredder™ can selectively remove the encryption key, making data unreadable without that key.
A subsequent verification step is offered (e.g., to confirm that all sectors have been overwritten or are no longer readable).

Verification & Reporting:
After the chosen Purge method, iShredder™ performs a validation.
All results are recorded in a signed erasure report (including “NIST-Purge status”).

Hence, iShredder™ meets the NIST requirements for Purge—especially critical for SSDs and mobile devices, where wear-leveling mechanisms can defeat simple multiple overwrites.


3.3 Destroy Methods

iShredder™ does not itself perform any physical destruction (Destroy). If a storage device is severely damaged and cannot be fully overwritten, or contains data of a particularly high protection class where reuse is not permitted,
NIST SP 800‑88 indicates that physical destruction might be the only viable option. iShredder™ documents incomplete erasures (e.g., due to defective sectors), allowing the organization to initiate Destroy if necessary.
 

4. Special Storage Scenarios

4.1 Damaged or “Problematic” Storage Devices

According to NIST SP 800‑88, damaged drives may have sectors that are inaccessible via software. iShredder™ detects and logs faulty areas. If these cannot be logically overwritten, physical destruction (Destroy) is recommended to reliably prevent any data recovery.

4.2 Virtual Environments / Cloud Storage

Virtual Disks:
iShredder™ can overwrite all data areas (Clear/Purge) within a VM before the virtual disk is decommissioned.

Cryptographic Erasure in the Cloud:
Many cloud providers encrypt customer data by default and simply delete the key (Crypto Erase) upon deprovisioning. iShredder™ can supplement the cloud-based key destruction if there is physical access to the underlying drives (e.g., in a private cloud).

4.3 Mobile Devices (iOS/Android)

  • iShredder™ iOS:
    Uses the hardware-based security core (Secure Enclave) and can remove the system encryption key to achieve Purge.
  • iShredder™ Android:
    Implements overwrite methods and is planning to support OEM-specific commands in order to achieve Purge-level erasure there as well (e.g., via OEM secure-erase functionality on compatible smartphones).
     

5. Verification and Reporting

A key requirement of NIST is to verify whether the erasure method was successful. During the erasure process, iShredder™ automatically provides:

  • Full Verify:
    A complete verification for the highest level of assurance.
  • Erasure Report:
    Contains all relevant details (e.g., serial number, timestamp, erasure method, verification result).

Can be digitally signed for tamper-proof auditing and integrated into ISO 27001, GDPR, or internal asset-disposal processes.
Meets the requirements in Appendix G (Sample Certificate of Sanitization) of NIST SP 800‑88 Revision 1.
 

6. Organizational Aspects and Compliance

  • Organization’s Responsibility:
    Compliance with NIST SP 800‑88 requires each organization to determine internally when Clear, Purge, or Destroy should be used. iShredder™ provides the technical tools; the choice ultimately lies with the user.
  • Other Standards (GDPR, ISO 27001, HIPAA, etc.):
    NIST SP 800‑88 is widely regarded as “state of the art” and can also support compliance with other data protection and security regulations (e.g., GDPR, PCI-DSS, HIPAA). A NIST-compliant erasure process may facilitate GDPR-compliant data removal, for example.
  • Limitations:
    In rare cases (e.g., damaged media, susceptible firmware), a complete Purge or Clear may not be possible. In such scenarios, Destroy or alternative methods must be used. iShredder™ will indicate these exceptions.
     

7. Summary

iShredder™ solutions meet all key requirements of NIST SP 800‑88 Revision 1:

  • Clear:
    At least one overwrite pass of all addressable storage areas, followed by verification.
  • Purge:
    Hardware-based secure-erase/sanitize commands or cryptographic erasure for enhanced security needs (particularly for SSDs and mobile devices).
  • Destroy:
    Not implemented via software in iShredder™; if needed, the solution logs the drive’s status so organizations can carry out Destroy on their own.

Thanks to a NIST-compliant approach and extensive documentation (including verification and reporting functions), data erased with iShredder™ cannot be recovered. Thus, iShredder™ supports companies, government agencies, and other organizations in compliant, auditable, and internationally recognized data disposal.

 

Legal Notice

NIST SP 800‑88 is a recognized guideline rather than a formal certification standard. Responsibility for choosing and performing (Clear, Purge, Destroy) lies with the user or organization.
Physical destruction may be required in cases of extremely sensitive or damaged media. iShredder™ only provides software-based erasure methods.
Disclaimer: The effectiveness of erasure methods requires functioning hardware and proper drive operation. If there are firmware errors or hardware defects, complete software-based erasure may not be feasible.


 

References

NIST Special Publication 800‑88 Revision 1 – Guidelines for Media Sanitization

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf

Public Compliance Statements and Whitepapers

Examples: AWS (aws.amazon.com), Microsoft Azure (azure.microsoft.com)

Implementation of NIST SP 800‑88 in cloud infrastructures

Internal Product Documentation and Technical Whitepapers on iShredder™
Detailed information on algorithms, verification, and device compatibility https://www.protectstar.com


This statement has been prepared to the best of our knowledge and reflects the current development status of the iShredder™ software. By implementing Clear/Purge methods (including verification and documentation) in iShredder™, the requirements of NIST SP 800‑88 Revision 1 are met. This enables organizations to provide an auditable record of successful data erasure.

 

Was this article helpful? Yes No
5 out of 5 people found this article helpful
Cancel Submit

Related articles

The New iShredder Mac: Ultimate Data Security, Now Faster and Smarter

The New iShredder Mac: Ultimate Data Security, Now Faster and Smarter
Shaping Security – A Look Behind the Scenes with Chris Bohn, Founder of Protectstar

Shaping Security – A Look Behind the Scenes with Chris Bohn, Founder of Protectstar
DEKRA MASA L1 Certification for iShredder™ Android: What Does It Mean for You?

DEKRA MASA L1 Certification for iShredder™ Android: What Does It Mean for You?