The IT Law Wiki


Sanitization is the

  * [p]rocess to remove information from media such that information recovery is not possible. It includes removing all labels, markings, and activity logs.[1]
  * editing of intelligence to protect sources, methods, capabilities, and analytical procedures to permit wider dissemination.[2]
  * actions taken to render data written on media unrecoverable by both ordinary and extraordinary means.[3]


When storage media are transferred, become obsolete, or are no longer usable or required by an information system, it is important to ensure that residual magnetic, optical, or electrical representation of data that has been deleted is not easily recoverable. Sanitization refers to the general process of removing data from storage media, such that there is reasonable assurance, in proportion to the confidentiality of the data, that the data may not be retrieved and reconstructed.

Different kinds of sanitization provide different levels of protection. There are four categories of media sanitization:


  1. NIST Special Publication 800-53; NIST FIPS 200; CNSSI 4009 Adapted.
  2. Office of Counterintelligence (DXC), Defense CI & HUMINT Center, Defense Intelligence Agency, "Terms and Definitions of Interest for DoD Counterintelligence Professional," at GL-151 (May 2, 2011) (full-text).
  3. NIST Special Publication 800-88; CNSSI 4009.
