speakerNEW!iShredder™ Business for iOS and Android are now available for Enterprise users.Learn more

Is iShredder compatible with NIST SP 800-88? What is the conformity declaration?

This self-declaration confirms that the iShredder™ software (for Android, iOS, Windows, macOS, and Windows Server) implements the guidelines of NIST Special Publication 800-88 Revision 1 – Guidelines for Media Sanitization. This document, published by the U.S. National Institute of Standards and Technology (NIST), describes best practices for irreversible data deletion (“media sanitization”).

NIST SP 800-88 distinguishes between three security levels:

  1. Clear (logical deletion/overwriting)
  2. Purge (enhanced methods, including hardware-based erase commands or cryptography)
  3. Destroy (physical destruction)

Because NIST SP 800-88 is not a certifiable standard in the traditional sense, proof of conformity is provided through the implementation of the recommended methods and the complete documentation of the erasure processes. Many organizations — from government agencies to cloud providers — rely on these guidelines to ensure secure data disposal.
 

1. Data classification and selection of the erase method

NIST SP 800-88 emphasizes that the selection of the appropriate erase method (Clear, Purge, or Destroy) should be based on data classification:

  • Clear: sufficient for less sensitive data.
  • Purge: for data that must also be protected against advanced forensic analysis.
  • Destroy: for data that must never be recoverable and where reuse of the storage medium is not required (physical destruction).

iShredder™ supports this process by making all relevant methods available. Administrators and responsible personnel can select and document the appropriate function based on their required security level (Clear/Purge).

 

2. NIST SP 800-88 – requirements for data erasure

2.1 Clear

  • Definition:
    A logical erase method using (at least) one overwrite pass across all user-addressable storage areas with predefined patterns (for example zeros or random values).
  • Goal:
    Simple software tools should no longer be able to recover the data.
  • Limitations:
    In rare cases, specialized laboratory procedures (for example on older HDDs) could still find traces, which is why Clear is not always sufficient for highly sensitive data.

2.2 Purge

  • Definition:
    Enhanced methods that also withstand advanced forensic analysis. In addition to (multiple) overwriting procedures, this particularly includes hardware commands (Secure Erase, Sanitize) and cryptographic erasure (Crypto Erase).
  • Goal:
    Even difficult-to-reach data areas (for example HPA/DCO and wear-leveling reserve areas on SSDs) are reliably removed.
  • Example procedures:
    ATA Secure Erase or Sanitize commands (Block Erase, Crypto Erase).
    Removing/disabling HPA (Host Protected Area) and DCO (Device Configuration Overlay).
    Cryptographic erasure by destroying the encryption key (self-encrypting drives, iOS devices with Secure Enclave, etc.).

2.3 Destroy

  • Definition:
    Physical destruction (for example shredding, pulverizing, burning), making recovery practically impossible.
  • Application:
    Recommended when storage media are not intended to be reused or are severely damaged, so that software methods (Clear/Purge) can no longer work.
     

3. Implementation in iShredder™

iShredder™ was designed to make the erasure methods defined by NIST SP 800-88 — both Clear and Purge — usable across different platform environments (Android, iOS, Windows, macOS, Windows Server). The software also supports automated verification and creates detailed erasure reports.

3.1 Clear procedures in iShredder™

  • Single overwrite:
    By default, iShredder™ overwrites all logical sectors of the storage medium with a fixed or random pattern (for example 0x00, 0xFF, or random bytes).
  • Verification:
    After the write process, iShredder™ can optionally perform either a spot check or a full verification of the overwritten sectors. This ensures that all areas were overwritten correctly.
  • Documentation:
    For each erasure process, iShredder™ creates an erasure log that includes, among other things:
    - date and time
    - responsible operator
    - device or drive data (serial number, model)
    - erase pattern used
    - verification result (number of sectors read, any errors)

This means iShredder™ meets the NIST requirements for Clear.
 

3.2 Purge procedures in iShredder™

Purge relies partly on the same techniques as Clear, but expands them with hardware-assisted or cryptographic erase approaches to defeat advanced forensic recovery attempts:

Hardware commands:

  • ATA Secure Erase or Sanitize (Overwrite EXT, Block Erase, Crypto Erase) for compatible HDDs/SSDs.
  • Disabling/removing HPA and DCO so that no hidden sectors remain untouched.
  • Depending on the device: execution of native manufacturer reset procedures that instruct the internal storage controller to erase all flash blocks or cache areas.
     

Cryptographic erasure (Crypto Erase):
For self-encrypting drives (SEDs) or iOS devices (Secure Enclave), iShredder can specifically remove the encryption key. Without that key, the data becomes unreadable.
In addition, a verification step is available that checks, for example, whether all sectors were rewritten or are no longer readable.
 

Verification & reporting:
After the selected Purge process, iShredder™ performs validation. All results are documented in a signed Erasure Report (including “NIST Purge status”).

This means iShredder™ meets the NIST requirements for Purge. This is especially important for SSDs and mobile devices, where wear-leveling mechanisms can undermine simple multiple overwrites.
 

3.3 Destroy procedures

iShredder™ itself does not perform physical destruction (Destroy). If a storage medium:
is heavily damaged and cannot be fully overwritten, or contains data of an especially high protection class and must not be reused, physical destruction may be the only option under NIST SP 800-88.
In such cases, iShredder™ documents if an erase process remained incomplete (for example because of defective sectors), so that the organization can initiate Destroy if necessary.
 

4. Handling special storage scenarios

4.1 Defective or “difficult” storage media

According to NIST SP 800-88, damaged drives may make it impossible to access all sectors through software. iShredder™ detects and logs faulty areas. If it is impossible to overwrite them logically, physical destruction (Destroy) is recommended to make any remaining data reliably inaccessible.

4.2 Virtualized environments / cloud storage

Virtual disks: iShredder™ can overwrite all data areas inside a VM (Clear/Purge) before the virtual drive is disposed of.

Cryptographic erasure in the cloud: Many cloud providers encrypt customer data by default and, upon deprovisioning, simply delete the key (Crypto Erase). iShredder™ can supplement the cloud-side key destruction if physical access to the underlying drives exists.

4.3 Mobile devices (iOS/Android)

  • iShredder™ iOS: uses the hardware-backed security core (Secure Enclave) and can remove the system encryption key to achieve Purge.
  • iShredder™ Android: implements overwrite procedures and plans support for manufacturer-specific commands to reach a Purge level there as well (for example through OEM secure erase functions on compatible smartphones).
     

5. Verification and reporting

A central NIST requirement is verification (Verify) of whether the erase process was successful. During the erase process, iShredder™ automatically offers:

Full Verify:
Full Verify (complete verification) for maximum security.

 

Erasure Report:

Contains all relevant information (for example serial number, time, erase method, verification result). On request, it can be signed in a tamper-resistant way and integrated into audits (ISO 27001, GDPR, internal asset disposal processes). It supports the requirements of Appendix G (Sample Certificate of Sanitization) of NIST SP 800-88 Revision 1.


6. Organizational aspects and compliance

  • Responsibility of the organization:
    Compliance with NIST SP 800-88 requires the organization to define internally when Clear, Purge, or Destroy will be applied. iShredder™ provides the technical tools; the decision lies with the user.
  • Other standards (GDPR, ISO 27001, HIPAA, etc.):
    NIST SP 800-88 is accepted in many cases as the “state of the art” and can support compliance with other privacy and security requirements (for example GDPR, PCI-DSS, HIPAA). A NIST-compliant erase process can, for example, make GDPR-compliant data removal easier.
  • Limitations:
    In rare cases (for example damaged media or firmware susceptible to manipulation), it may be impossible to perform a full Purge or Clear. In such situations, Destroy procedures or alternative methods must be used. iShredder™ points out such exceptional cases.
     

7. Summary

The iShredder™ solutions fulfill all central requirements of NIST SP 800-88 Revision 1:

  • Clear: at least one overwrite of all addressable storage areas, followed by verification.
  • Purge: hardware-assisted secure erase/sanitize commands or cryptographic erasure to meet higher security requirements (especially for SSDs and mobile devices).
  • Destroy: not implemented in iShredder™ at the software level, because physical destruction is outside the scope of the software. Where needed, iShredder™ documents the erase status so that organizations can initiate the Destroy procedure on their own.

Through its NIST conformity approach and comprehensive documentation (including verification and reporting functionality), iShredder™ ensures that deleted data can no longer be recovered. This supports businesses, authorities, and other organizations in legally compliant, auditable, and internationally recognized data disposal.
 

Legal notice

NIST SP 800-88 is a recognized guideline, but not a formal certification standard. Responsibility for selection and execution (Clear, Purge, Destroy) lies with the user or the organization.
Physical destruction may be required for highly sensitive or defective media. iShredder performs only software-based erase methods.
Disclaimer: The effectiveness of the erase procedures assumes intact hardware and proper drive functionality. In the event of firmware errors or hardware damage, full software-based erasure may not be possible.
 

Sources

NIST Special Publication 800-88 Revision 1 – Guidelines for Media Sanitization
- https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf

Public compliance statements and whitepapers
- Examples: AWS (aws.amazon.com), Microsoft Azure (azure.microsoft.com)
- Implementation of NIST SP 800-88 in cloud infrastructures

Internal product documentation and technical whitepapers on iShredder™
- Detailed information on algorithms, verification, and device compatibility
- https://www.protectstar.com
 

This declaration has been prepared to the best of our knowledge and reflects the current state of development of the iShredder™ software. With the functions implemented in iShredder™ (Clear/Purge including verification and documentation), the requirements of NIST SP 800-88 Revision 1 are met. Organizations can therefore maintain an auditable proof of successful data deletion.

Was this article helpful? Yes No
14 out of 14 people found this article helpful
Cancel Submit

Related articles

The New iShredder Mac: Ultimate Data Security, Now Faster and Smarter

Shaping Security – A Look Behind the Scenes with Chris Bohn, Founder of Protectstar

DEKRA MASA L1 Certification for iShredder™ Android: What Does It Mean for You?