Understanding NIST SP 800-88 Rev. 1 and Media SanitizationTheNIST Special Publication (SP) 800-88 Revision 1, Guidelines for Media Sanitization, provides guidance onsecure disposalof data from various types of storage media to prevent unauthorized access or recovery.
* Clear
* Useslogical techniquesto remove data from media, making it difficult to recover usingstandard system functions.
* Example:Overwriting all datawith binary zeros or ones on a hard drive.
* Applies to:Magnetic media, solid-state drives (SSD), and non-volatile memorywhen the media isreused within the same security environment.
* Purge
* Usesadvanced techniquesto make data recoveryinfeasible, even with forensic tools.
* Example:Degaussinga magnetic hard drive orcryptographic erasure(deleting encryption keys).
* Applies to:Media that is leaving organizational control or requires a higher level of assurance than "Clear".
* Destroy
* Physicallydamages the mediaso that data recovery isimpossible.
* Example:Shredding, incinerating, pulverizing, or disintegratingstorage devices.
* Applies to:Highly sensitive data that must be permanently eliminated.
* B. Clear, Redact, Destroy (Incorrect)- "Redact" is a term used for document sanitization,notdata disposal.
* C. Clear, Overwrite, Purge (Incorrect)- "Overwrite" is a method within "Clear," but it isnot a top-level categoryin NIST SP 800-88.
* D. Clear, Overwrite, Destroy (Incorrect)- "Overwrite" is a sub-method of "Clear," but "Purge" is missing, making this incorrect.
* The correct answer isA. Clear, Purge, Destroy, as these are thethree official categoriesof data disposal inNIST SP 800-88 Revision 1.
References:
NIST SP 800-88 Rev. 1 - Guidelines for Media Sanitization
CMMC 2.0 Security Practices Related to Media Disposal(Aligned with NIST guidance)