• 6.1 IEEE P2883 Draft Standard for Sanitizing Storage
  • 6.1.1 Data Sanitization
  • 6.1.2 Storage Sanitization
  • 6.1.3 Media Sanitization
  • 6.1.4 Clear
  • 6.1.5 Purge
  • 6.1.6 Destruct
• 6.2 Updated ISO/IEC CD 27040 Information Technology Security Techniques–Storage Security
• 6.3 Summary

There is no better indicator of the rising importance of effective data sanitization than the activity from standards bodies. Both the Institute of Electrical and Electronics Engineers (IEEE) and the International Standards Organization (ISO) are introducing new data sanitization standards. While NIST Special Publication 800-88 provided good direction when it was originally published and served to clear up the need for many overwrite passes, it is generally considered to be in dire need of an update.

Always keep in mind that standards usually precede regulations by several years. As regulatory agencies seek to impose more data rules in the future, they may incorporate these standards as a requirement. If you are building out your own data sanitization policies, responsibilities, workflows, and audit requirements, starting with these standards will help you be in line with future industry or government requirements.

6.1 IEEE P2883 Draft Standard for Sanitizing Storage

The proposed IEEE P2883 Standard for Sanitizing Storage is in its 15th draft as we go to press and is out for public comment. Note that the new standard is focused on hardware, not data. Data center operators, manufacturers, ...