Is the disk wipe process for an M1-based Mac NIST 800-88 compliant?

This is important since many companies use Mac systems and have a requirement to comply with certain standards. The article on FileVault (Volume encryption with FileVault in macOS - Apple Support (IE)) talks about secure deletion but not whether we meet any compliance requirement when we follow this.

Should we procure tools for such deletion?

Posted on Aug 7, 2023 11:27 PM

Question marked as Top-ranking reply

Aug 8, 2023 5:00 PM in response to SGPG

Is the disk wipe process for an M1-based Mac NIST 800-88 compliant?


Yes.


Refer to https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf


Ignore all references to magnetic media because they do not apply. Cryptographic Erasure occurs when you erase the device, since its encoding keys are destroyed upon erasure.


The applicable excerpt (emphasis added):


Cryptographic Erase (CE) leverages the encryption of target data by enabling sanitization of the target data’s encryption key. This leaves only the ciphertext remaining on the media, effectively sanitizing the data by preventing read-access.


Without the encryption key used to encrypt the target data, the data is unrecoverable.


That encryption is performed in hardware on M series Macs.
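
Added example (not part of the original reply, and not Apple's implementation): a simplified Python model of the Cryptographic Erase idea quoted above, showing that replacing only the key leaves the ciphertext on the media but unreadable. `ModelDevice`, `seal` and `unseal` are hypothetical names, and the HMAC-SHA256 keystream is a standard-library stand-in for the hardware encryption the reply mentions.

```python
import hashlib, hmac, secrets

def _sub(key, label):            # derive separate encryption / MAC subkeys
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):      # stand-in cipher: HMAC-SHA256 in counter mode
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, data):             # encrypt, then authenticate nonce + ciphertext
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(_sub(key, b"enc"), nonce, len(data))))
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):           # verify the tag first, then decrypt
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("media key does not match this ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _stream(_sub(key, b"enc"), nonce, len(ct))))

class ModelDevice:
    """Hypothetical always-encrypting device: one small key slot, bulk media."""
    def __init__(self):
        self.key_slot = secrets.token_bytes(32)
        self.media = {}                      # block number -> ciphertext at rest
    def write(self, block, data):
        self.media[block] = seal(self.key_slot, data)
    def read(self, block):
        return unseal(self.key_slot, self.media[block])
    def crypto_erase(self):
        # Only the 32-byte key is replaced; no media block is rewritten.
        self.key_slot = secrets.token_bytes(32)

def demo():
    dev = ModelDevice()
    dev.write(0, b"payroll-2023.csv (constructed sample data)")
    before = dev.media[0]
    readable_before = dev.read(0).startswith(b"payroll")
    dev.crypto_erase()
    try:
        dev.read(0)
        readable_after = True
    except ValueError:
        readable_after = False
    return {"readable_before": readable_before, "readable_after": readable_after,
            "ciphertext_still_on_media": dev.media[0] == before}
```
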
