NIST 800-88 & IEEE 2883-2022: the destruction standards we use.
Two standards cover modern storage sanitisation: NIST SP 800-88 Rev. 1 (US-government-originated, 2014) and IEEE 2883-2022 (IEEE, 2022). Both define Clear / Purge / Destroy. We use both. Here's the decision tree we apply to every device.
How we choose Clear, Purge, or Destroy
- ♦ Step 1: classify the data. High-sensitivity (PII, PHI, financial, regulated) → minimum Purge.
- ♦ Step 2: classify the storage medium. Magnetic HDD → Clear or Purge or Destroy. SSD/NVMe → Purge (cryptographic erase) or Destroy.
- ♦ Step 3: determine the disposition. Re-use within your org → Clear is sufficient. Resale or remarket → Purge. End-of-life destruction → Destroy.
- ♦ Step 4: pick a method. Clear = single-pass overwrite. Purge = cryptographic erase, secure-erase command, or specialised firmware wipe. Destroy = particle-size shred or disintegration.
- ♦ Step 5: document. Operator, witness, timestamp, method, pass count or batch ID — onto the Certificate of Destruction.
Common scenarios and the method we'd use.
These are typical defaults; the decision is always made per-device against the actual data classification and disposition.
- Bank server, retiring · Purge (cryptographic erase) → resale; Destroy if data classification high
- PHI-bearing PACS · Purge minimum, often Destroy; documented PII removal
- Corporate laptop refresh · Purge (firmware secure-erase) → resale via refurb
- Legacy backup tape · Destroy (degauss + shred); tape is not realistically wipeable
- End-of-life storage array · Purge per drive; arrays often dual-method per drive type
The NIST 800-88 decision tree applied to common 2026 storage technologies.
NIST SP 800-88 Rev. 1 categorises sanitisation as Clear, Purge, or Destroy, with the choice depending on storage technology and data classification. Below is how the decision applies to common 2026 enterprise storage classes.
Magnetic HDDs (3.5" / 2.5" SAS / SATA). Clear via single-pass overwrite is sufficient for low-classification data destined for re-use within the original organisation. Purge via firmware secure-erase or specialised wiping tool for moderate-to-high classification, or for re-sale outside the organisation. Destroy via degauss-then-shred for high-classification or end-of-life disposal.
SATA SSDs. Clear via overwrite is NOT reliable on SSDs because of wear-levelling — the OS-visible blocks and the physical NAND cells are abstracted by the controller. Default is Purge via SATA Secure Erase (the drive's internal AES key is destroyed) or cryptographic erase if the drive is self-encrypting. Destroy via particle-size shred for high-classification.
NVMe SSDs. Same wear-levelling issue. Default is Purge via NVMe Sanitize command (Format with secure erase) or cryptographic erase. Destroy via shred for high-classification or end-of-life.
Self-encrypting drives (SEDs). Cryptographic erase is the fastest and most reliable method — the drive's internal data-encryption key is destroyed, rendering the data unrecoverable in seconds regardless of how much data was stored. Considered Purge under NIST 800-88. Standard for moderate-to-high classification SED drives.
Tape (LTO, DLT, etc). Wiping tape is impractical at any scale. Default is Destroy via degauss-then-shred for high-classification or particle-size shred for everything else.
Optical media (CD, DVD, Blu-ray). Destroy via shred — wiping is not realistically performed.
Server / array internal storage controllers, BMC chips. These can hold configuration data and credentials. Default is Purge via firmware-reset, plus Destroy of the BMC battery for moderate-to-high classification.
Visual reference.
NIST 800-88 data destruction — frequently asked
Is DoD 5220.22-M still relevant?
It's largely superseded by NIST 800-88 for modern storage media. We support DoD 5220.22-M overwrite passes for legacy-compatibility workflows where your auditor expects to see the citation — but the underlying destruction is still chosen via the NIST 800-88 decision tree.
What's the difference between Clear, Purge, and Destroy under NIST 800-88?
Clear is software-based overwrite suitable for re-use within the original organisation. Purge is cryptographic erase, secure-erase command, or specialised firmware wiping suitable for moderate-to-high classification or resale outside the organisation. Destroy is physical destruction (shred, disintegration) for end-of-life or high-sensitivity media. The choice depends on storage technology and data classification — magnetic HDDs typically support all three, SSDs and NVMe default to Purge via cryptographic erase, tape defaults to Destroy.
Why doesn't single-pass overwrite work on SSDs?
Solid-state drives use wear-levelling: the OS-visible blocks are abstracted from the physical NAND cells by the drive's controller. When an OS issues an overwrite, the controller may write the new data to a different physical cell, leaving the original data intact in the original cell. NIST 800-88 was updated specifically to address this. Default for modern SSDs is Purge via the SATA Secure Erase or NVMe Sanitize command, which destroys the drive's internal AES key — rendering all stored data unrecoverable instantly.
Is DoD 5220.22-M still relevant in 2026?
It's largely superseded by NIST 800-88 for modern storage. We support DoD 5220.22-M overwrite passes as a method option for legacy-compatibility workflows where your auditor expects the citation, but the underlying destruction is still chosen via the NIST 800-88 decision tree. Citation can appear on the Certificate of Destruction alongside NIST and IEEE 2883-2022 references.
Why does single-pass overwrite not work on SSDs?
SSDs use wear-levelling: the OS-visible blocks are abstracted from the physical NAND cells by the drive's controller. When an operating system issues an overwrite, the controller may write the new data to a different physical NAND cell, leaving the original data intact in the original cell. NIST 800-88 was updated specifically to address this. Default for modern SSDs and NVMe drives is Purge via SATA Secure Erase or NVMe Sanitize command, which destroys the drive's internal AES key — rendering all stored data unrecoverable instantly.
Is cryptographic erase secure enough for high-classification data?
Cryptographic erase under NIST 800-88 Purge is considered secure for moderate-to-high classification data on self-encrypting drives (SEDs) and modern SSDs / NVMe drives. The drive's internal data-encryption key is destroyed, rendering all encrypted data unrecoverable in seconds regardless of how much data was stored. For very-high-classification or top-secret-equivalent data, NIST 800-88 Destroy via particle-size shred is recommended as an additional defensive layer — Maxicom supports Destroy via shred to <2mm particle size on request.