THE CRUNCH · EPISODE 30 · 0:32 · STANDARDS

The Standard Got an Update

THE CRUNCH · EP 30
TAP TO PAUSE
PAUSED — TAP TO RESUME
Tap ♫ for music
Or keep scrolling — the full text is below
0:32 runtimeFully captioned · music optionalDrag the top bar to seekThe Crunch · :30 series

Prefer to read it?

If your media-sanitization policy cites NIST 800-88 Revision 1 as the current standard, it's citing a withdrawn document. NIST published Revision 2 in September 2025 and formally retired the 2014 edition.

The vocabulary survives: Clear, Purge, and Destroy are still the three sanitization methods, chosen by data sensitivity, media type, and whether the media leaves your control. What changed is everything around them. Rev. 2 is organized around running a sanitization program — a written policy, a decision flow, and records — rather than a menu of techniques. For technique details, it now defers to IEEE 2883 and NSA specifications. And cryptographic erase, the fastest-growing method, gets explicit conditions: strong encryption for the data's whole life on the media, verifiable key destruction, and a traceable operation.

The through-line is proof. Verification is elevated, and the standard now includes a sample certificate of sanitization: media, method, technique, verification result, per serial number. Same three methods — higher bar for showing your work.

CYBERCRUNCH · R2v3 · NAID AAA · RIOS · PA DEP

Is your policy still citing Rev. 1?

The full explainer covers the three methods, the media-to-method map, everything Rev. 2 changed, and a checklist you can run this quarter.