Using DoD or NIST Data Erasure Standards

Park Place Hardware Maintenance

Parker Published: June 13, 2016

If you manage IT centers for a government entity, you may have heard of data erasure standards like DoD (Department of Defense) and NIST (National Institute of Standards and Technology).

Data Wiping and Erasure Standards to Follow

When working for entities that manage sensitive data, it’s critical that data on legacy equipment doesn’t find its way into the wrong hands. As technology has evolved, so have data destruction standards for government entities.

DoD Data Erasure Standards

DoD standards set a precedent nearly 20 years ago for data wiping and hardware disposal with its DoD Information Assurance Certification and Accreditation Process (DIACAP). DIACAP compliance was developed with high ranking government institutions in mind such as the Pentagon.

Smaller government organizations and civilian agencies also adopted these standards, but face some issues including:

  • Adhering to multiple standards: Organizations not only followed DoD regulations, but also NIST, and others making processes not as efficient.
  • Cost: The DoD standards required multiple data wipes which was not needed for many smaller organizations, using up unnecessary times for the workforce. Ensuring data wiping is in compliance with multiple standards also contributes to costs.

NIST Standards for Hardware Disposal

In 2014, the Department of Defense decided to adopt NIST’s Risk Management Framework standards in place of their own standards. The decision to move to NIST standards would allow the Department of Defense to align with civilian agencies so that all IT systems would comply with the same risk management standards for data wiping.

NIST 800-88 has become the accepted set of guidelines for media disposal, sanitization and data erasure compliance. These data wipe standards and guidelines help to ensure government entities are aligned with the Federal Information Security Management Act (FISMA).

NIST 800-88 consists of several sections and appendices that present proper process flows for data wiping, common techniques, and resources that all government entities can adhere to for their data centers.

If your organization is making hardware disposition and data erasure decisions, know the proper NIST standards when moving forward with your disposal plan.

Get Secure Data Destruction from Trusted Professionals

Being held responsible for the comprehensive NIST and DoD data erasure standards can put reasonable pressure on even the most professional IT managers. Using secure IT asset disposition services can help provide peace of mind and ensure that up to date practices are being followed by experienced professionals.

Contact Park Place Technologies today to learn how our data center professional services can support your immediate needs.


About the Author

Parker, Park Place Assistant