Author: Jonmichael Hands, Circular Drive Initiative
In the dynamic world of data security, standards for media sanitization play a critical role in safeguarding sensitive information from unauthorized recovery. The recent release of the IEEE 2883-2022 standard provides a fresh perspective on media sanitization, tailored to keep pace with modern storage technologies. This article compares the established NIST SP 800-88r1 and the newly minted IEEE 2883-2022, highlighting their global reach, support for contemporary devices, documentation, and compliance criteria.
IEEE is an international body, and its standards are widely accepted and used globally. NIST is a Government Authority and non-regulatory federal agency within the U.S. Department of Commerce. NIST standards do often have implications for policy and regulatory compliance
Support for modern devices
NIST SP 800-88r1 was written in 2014 and published in 2015. The first NVMe SSDs were released in 2014, but NVMe is now the most popular storage interface for SSDs, making up hundreds of millions of devices per year. IEEE 2883-2022 was published in June 2022 and includes the latest media sanitization requirements from modern versions of storage interfaces. IEEE 2883-2022 contains the exact storage interface commands that define a clear and a purge by interface (NVM, SATA, and SAS), quite a few (like NVMe sanitize command) that did not exist yet in 2015. It is worth noting that the authors of IEEE 2883 include the authors of the sanitize specification in all of these storage interfaces, coming from a storage background, and their goal is to leverage the sanitize command for nearly everything in the purge media sanitization process.
Documentation of media sanitization
While NIST 800-88r1 includes a section on documentation, IEEE 2883-2022 does not include a certificate of sanitization and instead relies on the definition in ISO 27040-2023 (Dec publication data estimated)
Deprecation of shred for destruct
The most controversial change in the spec is the deprecation of shred and pulverize as forms of destruction for HDD and SSDs. IEEE 2882-2022 destruct methods are
- disintegrate: Sanitization method designed to completely destroy the storage media by breaking or decomposing (e.g., dissolving with acid) it into its constituent elements, parts, or small particles;
- incinerate: Sanitization method designed to completely destroy the storage media by burning until it is reduced to ashes; and
- melt: Sanitization method designed to completely destroy the storage media by liquefying it, generally through the application of heat.
The reasoning behind this is that storage media density is increasing rapidly, with modern hard drives at hundreds of thousands of tracks per square inch. If the shred method (which some people still think breaking an HDD in half is shredding) leaves large particle sizes, these can be put into laboratory equipment for data reconstruction. The increasing risks associated with increased storage density may drive companies and organizations to take another look at still effective and future-proof purge techniques.
IEEE 2883-2022 Section 6.4
“Although pulverize and shred were once adequate forms of destruct, improvements in reconstruction technology and increases in the density of information on the storage media have rendered these techniques ineffective for storage media other than for low-density storage media (e.g., hardcopy and floppy disks).”
NSA/CSS POLICY MANUAL 9-12 STORAGE DEVICE SANITIZATION AND DESTRUCTION MANUAL
Disintegration—disintegrate into particles that are nominally 2 millimeters in size on edge. It is highly recommended to disintegrate hybrid IS storage devices in bulk lots with other storage devices.
Compliance and certification
IEEE 2883-2022 is written so that there can be compliance to the requirements in the specification. Most users of NIST SP 800-88r1 don’t understand that it only provides guidelines, not any actual requirements. The IEEE committee that developed IEEE 2883-2022 is exploring an IEEE conformance assessment program by which device manufacturers and software developers ensure that they are performing purge operations to the specification requirements.
Family of specifications
The IEEE Security in Storage Work Group (SISWG) plans to develop a family of specifications that will include s Recommended Practice for Use of Storage Sanitization Methods (2883.1) targeted for the first half of 2024, and Recommended Practice for Virtualized and Cloud Storage Sanitization (2883.2). IEEE SISWG will be able to update the specification to adjust to industry feedback and relevant technology changes (e.g., new specification updates to NVMe). This will be done on a much faster cadence. The IEEE SISWG members are also tightly coupled with all things storage security. IEEE 2883-2022 is the companion specification of ISO 27040 which offers a big picture for data security and certificates of sanitization intended for use alongside IEEE 2883-2022.
Dedicated Sustainability Section
The sustainability section in IEEE 2883-2022 documents a relatively new use case for purge operations. Media sanitization is critical in advancing the circular economy within the ICT industry. Reusing storage devices can reduce electronic waste (e-waste) and mitigate embodied carbon emissions from manufacturing storage media and devices. The effective media sanitization methods defined in IEEE 2883-2022 ensure that companies have the option to safely reuse data-bearing devices and repurpose them rather than discarding and recycling them.
Open to interpretation
While we mentioned that NIST SP 800-88r1 doesn’t actually contain requirements, only recommendations, there are areas, in my opinion, that are too open for interpretation. Take, for instance, the NIST Figure 4-1 below, which the document recommends using as follows:
“The risk decision should include the potential consequence of disclosure of information retrievable from the media, the cost of information retrieval and its efficacy, and the cost of sanitization and its efficacy. Additionally, the length of time the data will remain sensitive should also be considered. These values may vary between different environments.” Information Sanitization and Disposition Decision Making, NIST SP 800-88r1
While NIST SP 800-88r1 mentions users “can” use the diagram to make decisions, some people interpret this as a requirement. This is an incorrect interpretation. Specs will use “shall” when things are mandatory and “should” when they are optional but recommended.
This diagram has caused a lot of confusion, since almost all companies classify their data as high security and think they should just destroy the device when this is optional with proper purge media sanitization.
The IEEE 2883-2022 emerges as a forward-thinking standard that addresses the current and future needs of media sanitization in an increasingly digital and environmentally conscious world. The IEEE SISWG (Security in Storage Working Group) is dedicated to supporting the continuous improvement of the family of specifications supporting storage security and media sanitization. It stands in contrast to the older NIST SP 800-88r1, which, while still influential, does not encapsulate the rapid advancements in storage technology. As organizations navigate the complexities of data security, understanding the nuances of these standards becomes paramount to ensure compliance, enhance sustainability, and maintain the integrity of sensitive data.