Why NIST 800-88 comes up in real conversations
Most organizations do not get in trouble because they recycled electronics—they get in trouble because they cannot explain what happened to data-bearing devices under their responsibility. NIST SP 800-88 is a practical framework for turning “we wiped it” into an outcome you can defend.
You will see NIST 800-88 referenced in policies, vendor questionnaires, cyber insurance questions, and breach response postmortems. It is a way of standardizing the “how” behind device retirement.
Clear vs Purge vs Destroy (plain language)
NIST 800-88 defines sanitization categories. The categories are less about marketing terms and more about risk boundaries.
- Clear: logical techniques that remove data in a way that blocks typical software-based recovery. This is common when media stays in controlled environments and risk is moderate.
- Purge: methods that make recovery infeasible even with advanced laboratory techniques. This is often the expectation for higher risk environments or certain media types and policies.
- Destroy: physical destruction so the media cannot be reused. This is used when policy or risk tolerance does not allow any chance of recovery.
The best operational approach is usually: decide the required outcome by policy and risk, then choose a method that reliably produces that outcome for the media type.
Verification (the part most people skip)
“We ran a wipe tool” is not the same as “the device was sanitized.” Verification is the bridge between effort and evidence. In practice, verification means you can show that the method completed and met the intended outcome for that device or class of devices.
If your security team cares about defensibility, they usually care about verification more than buzzwords—because verification is what survives a compliance review.
Documentation and chain of custody (what stakeholders want)
Documentation is about reconciling reality. A good record set helps a team answer:
- What equipment left the building?
- Who had custody during transport?
- What sanitization or destruction path was used?
- What was the final disposition (reuse, parts recovery, recycling)?
If you want the custody layer explained end-to-end, read why chain of custody matters.
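One way to turn the verification and documentation questions above into a repeatable check, shown as an added example that is not part of the original article. The sensitivity tiers, the policy mapping, the field names, the "IT storeroom" origin and the sample records are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
LEVEL = {"clear": 1, "purge": 2, "destroy": 3}   # increasing assurance
POLICY = {"low": "clear", "moderate": "purge", "high": "destroy"}  # hypothetical policy
DISPOSITIONS = {"reuse", "parts recovery", "recycling"}

@dataclass
class Record:
    serial: str
    outcome: str = ""        # clear / purge / destroy, as performed
    verified: bool = False   # verification evidence attached to the record
    handoffs: list = field(default_factory=list)  # ordered (from, to) pairs
    disposition: str = ""

def audit(inventory, records, origin="IT storeroom"):
    # Returns {serial: [findings]} for every retired asset in the inventory.
    by_serial = {r.serial: r for r in records}
    report = {}
    for serial, sensitivity in inventory.items():
        rec, findings = by_serial.get(serial), []
        if rec is None:
            report[serial] = ["no sanitization record"]
            continue
        required = POLICY[sensitivity]
        if LEVEL.get(rec.outcome, 0) < LEVEL[required]:
            findings.append(f"outcome {rec.outcome or 'missing'} below required {required}")
        if not rec.verified:
            findings.append("no verification evidence")
        # Custody starts at the origin; each handoff must come from the previous receiver.
        holder = origin
        for giver, receiver in rec.handoffs:
            if giver != holder:
                findings.append(f"custody gap: {holder} -> {giver}")
            holder = receiver
        if not rec.handoffs:
            findings.append("no custody entries")
        if rec.disposition not in DISPOSITIONS:
            findings.append("final disposition missing")
        report[serial] = findings
    return report
# Constructed sample data, not taken from any real inventory.
INVENTORY = {"SN-001": "low", "SN-002": "high", "SN-003": "moderate", "SN-004": "moderate"}
RECORDS = [
    Record("SN-001", "clear", True, [("IT storeroom", "Courier A"), ("Courier A", "Vendor")], "reuse"),
    Record("SN-002", "purge", True, [("IT storeroom", "Vendor")], "recycling"),
    Record("SN-003", "purge", False, [("IT storeroom", "Courier A"), ("Courier B", "Vendor")], ""),
]
if __name__ == "__main__":
    for serial, findings in audit(INVENTORY, RECORDS).items():
        print(serial, "; ".join(findings) or "OK")
```

An empty findings list means the record answers every question for that device; anything else is a gap to close before the asset is considered retired.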
Wiping vs shredding (why policies differ)
Some policies allow verified wiping. Others mandate physical destruction for specific asset classes. This is typically driven by sensitivity, threat model, and the cost of being wrong.
We break down the practical differences in wiping vs shredding.