What is secure erase, and is it certified on an Intel® SSD?

I'm often asked whether the secure erase feature within Intel® SSDs is certified by NIST, U.S. DoD, or other government or industry bodies. Intel has implemented the secure erase feature consistent with the ATA and NVMe specifications. The designs and implementations have been internally reviewed and validated.  A third-party has tested the implementation on a subset of our products and reported that the data was unrecoverable.

Intel is unaware of any industry or government body which certifies or approves the implementation of this technical capability.  NIST SP 800-88 is often cited as the guideline to be followed in the United States with regard to secure erase.  NIST provides guidelines, however, NIST does not certify compliance to these guidelines.  In addition to being consistent with the ATA and NVMe specifications, our implementation of secure erase is in line with the NIST guidelines for data sanitization.

What is “secure erase” and why is it used?

Image of an Intel® SSD used with secure erase
Intel® SSD

“Secure erase” is a generalized term for sanitizing data on an SSD via standard commands supported by the SSD controller.  Data sanitization is used to render data on a storage device to be irretrievable.  The “secure erase” phrase addresses the concept of sanitizing data on both SATA-based SSDs using the ATA protocol (SECURITY ERASE UNIT) and PCIe-based SSDs using the NVMe protocol (Format NVM).  Secure erase is a fast, effective method to sanitize data from Intel® SSDs, and may be used in many instances in place of physical destruction or overwrite methods traditionally used with HDDs.

How does secure erase work?

Standard protocol-specific commands are implemented by the SSD controller to erase the media – often referred to as a block-erase. Many Intel® SSDs are also classified as self-encrypting drives (“SEDs”), which support AES encryption at the drive controller. The SEDs also support protocol-specific commands to change the internal encryption key – often referred to as a crypto-erase.  The secure erase commands can be initiated from a variety of methods, including utilities from Intel, 3rd parties, or integrated into the platform BIOS/UEFI.  Depending on the tool implementation and specific firmware, the command may erase the media, change the internal encryption key, or both.

But is secure erase certified?

No.  We are unaware of a government or industry body which certifies or approves the implementation of this technical capability.  And while we believe that the technical capability is effective, the concept of certification must include the overall process of secure erase tools, verification of success, documentation requirements, etc.  NIST provides guidance on considerations related to verification in SP 800-88.

But I need a certificate of data destruction!

Business policies, industry requirements, and government regulations vary. If a certificate of destruction is required, there are third-parties who provide data sanitization services and will provide one.  These services often include clearly documented, monitored and audited processes.  These processes and services tailored to your industry are part of the value-add of these service providers, and a primary reason why they are able to charge for their services.

Does Intel provide tools which support secure erase?

Yes. Please see the links below:

Does Intel IT use secure erase to sanitize data?

Yes.  Intel IT uses secure erase when repurposing Intel® SSDs internally.  Intel IT has also approved the use of secure erase for external reuse of self-encrypting Intel SSDs but hasn’t had a need yet as we heavily reuse SSDs in other areas, i.e. labs.  Read more in this Intel IT whitepaper.

What is Intel® Remote Secure Erase?

Intel® Remote Secure Erase is a capability offered as part of Intel® Active Management Technology (Intel® AMT) and allows an IT administrator a method to remotely initiate the secure erase operation on an enabled PC with an Intel® SSD.  The underlying secure erase operation is the same as if the secure erase was initiated locally with a different tool. Because Intel® Remote Secure Erase leverages Intel® AMT, the secure erase operation can be performed out-of-band – even if the system is sleeping, powered off or has a corrupt OS.

Where can I learn more about secure erase and data sanitization guidelines?