Skip to main content

Hi everyone,

A customer is requiring a certificate of sanitization as per NIST SP 800-88 guidelines. I've done some research on my own but, from the articles I read, it is a bit of a grey area and I have hit a wall. I'm aware that in the background, google, AWS, and Azure are all following NIST SP 800-88 when it comes to decommissioning storage media but this doesn't really help me in providing a certificate to the customer. The guidelines recommend cryptographic erasure and provide some guidance on generally how to verify cryptographic erasure which seems to be the right direction but I am still not confident on how compliant data sanitization is performed in the cloud.

Does anyone have any experience with needing certificates of sanitization in the cloud that could help guide me in understanding the process? Any help is appreciated! 

While I've never dealt with this specific form my guess is they want you to use the digital method not the physical one. You do that apparently through a native application or by using a PDF form with an automated data transfer utility. You'll probably need to contact someone directly from NIST and inquire about the process they expect on their end.  I would inquire either at the comment email here or the contact below on that page.

Reply


Terms & ConditionsCookie settings
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.