Data Purge Methods for macOS Devices (Apple Silicon & Intel) Under NIST 800-88

Summary

This guide covers Apple Silicon (M1/M2/M3) and Intel Macs (with or without T2), offering scenarios based on device condition.

Body

Introduction

NIST SP 800-88r1 defines three sanitization levels: Clear, Purge, and Destroy. For enterprise Macs, Purge is the most common requirement when devices leave organizational control or are repurposed. This guide covers Apple Silicon (M1/M2/M3) and Intel Macs (with or without T2), offering scenarios based on device condition.

Why Purge Matters

  • Clear: Logical overwrite; protects against simple recovery and is suitable for internal reuse.
  • Purge: Makes data recovery infeasible even with forensic or laboratory techniques.
  • Destroy: Physical destruction; last resort for damaged or end-of-life devices.

Scenario 1: Apple Silicon Mac (M1/M2/M3) – Device Boots Normally

Recommended Method: Erase All Content and Settings (EACS)

  • Why: Apple Silicon uses hardware encryption. EACS destroys the encryption keys, which is a cryptographic erase and therefore meets NIST Purge.
  • Steps:
    1. Backup data if needed.
    2. Go to System Settings → General → Transfer or Reset → Erase All Content and Settings.
    3. Confirm and let the process complete.
  • Verification: Document the process; capture logs if using MDM.
  • Optional: Use Jamf Pro’s EraseDevice command for remote wipe (requires Bootstrap Token escrow).

Scenario 2: Intel Mac with T2 Chip – Device Boots Normally

Recommended Method: Erase All Content and Settings (macOS 12+)

  • Works similarly to Apple Silicon: cryptographic erase via T2 hardware.
  • Steps: Same as Scenario 1.
  • MDM Option: Jamf Pro → Wipe Computer (EraseDevice command).

Scenario 3: Intel Mac without T2 or Older macOS

Recommended Method: Secure Erase via Parted Magic or Certified Tool

  • Why: No hardware encryption; must overwrite or sanitize SSD.
  • Steps:
    1. Boot from Parted Magic USB.
    2. Use ATA Secure Erase or NVMe Sanitize.
    3. Verify with Disk Verifier.

Scenario 4: Device Does NOT Boot (Apple Silicon or Intel)

  • Option A: If the SSD is removable, remove it and sanitize it using secure erase tools.
  • Option B: If the SSD is soldered (Apple Silicon), physical destruction is required: shredding or pulverizing per NIST Destroy guidelines.

Scenario 5: Target Disk Mode

When to Use: Device boots but cannot run EACS (e.g., OS corruption, admin password unknown).

  • Steps:
    1. Boot the problematic Mac into Target Disk Mode:
      • Intel: Hold T during startup.
      • Apple Silicon: Use Share Disk from macOS Recovery.
    2. Connect to a host Mac.
    3. Use the host Mac to:
      • Run diskutil secureErase (for spinning disks) or a certified erasure tool for SSDs.
      • Or use Blancco/BitRaser for a full NIST-compliant purge.
    4. Verify completion and document logs.
  • Notes: Ensure the encryption keys are destroyed or the overwrite is complete before the device leaves your control.

Compliance & Documentation

  • Record:
    • Device serial number, method used, date/time.
    • Screenshots, Jamf logs, or Disk Verifier logs, where available.
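A host-side pre-flight check and log record for Scenario 5 and the documentation requirement above, as an added example that is not from the article: it parses `diskutil info` output to confirm the target is a whole, external, spinning disk before `diskutil secureErase` runs (refusing SSDs, which the article routes to a certified tool), then appends the serial/method/timestamp record. The disk identifiers, serial and log path are assumed sample values, and DRY_RUN defaults to 1 so the block runs without erasing anything.

```shell
#!/bin/sh
# Added example (not from the article): pre-flight check, erase and logging for
# the host Mac in Target Disk Mode. Disk identifiers, serial and log path are
# assumed sample values; DRY_RUN=1 (default) only prints the erase command.

# Read one "Label: value" field from diskutil info text on stdin.
dinfo_field() {
  sed -n "s/^ *$1: *//p" | head -n 1
}

# Return 0 only for a whole, external, confirmed spinning disk (default deny).
check_erase_target() {
  info="$1"
  whole=$(printf '%s\n' "$info" | dinfo_field "Whole")
  loc=$(printf '%s\n' "$info" | dinfo_field "Device Location")
  ssd=$(printf '%s\n' "$info" | dinfo_field "Solid State")
  [ "$whole" = "Yes" ] || { echo "refuse: not a whole disk" >&2; return 1; }
  [ "$loc" = "External" ] || { echo "refuse: not external (host disk?)" >&2; return 1; }
  [ "$ssd" = "No" ] || { echo "refuse: SSD or unknown, use a certified tool" >&2; return 1; }
  return 0
}

# Append the record the article asks for: serial, method, UTC timestamp.
record_erase() {
  printf '%s,%s,%s\n' "$1" "$2" "$(date -u +%Y-%m-%dT%H:%M:%SZ)" >> "$3"
}

# Check, erase (level 0 = single-pass zero fill; set the level per policy), log.
erase_spinning_disk() {
  dev="$1"; info="$2"; serial="$3"; log="$4"
  check_erase_target "$info" || return 1
  if [ "${DRY_RUN:-1}" = 1 ]; then
    echo "would run: diskutil secureErase 0 $dev"
  else
    diskutil secureErase 0 "$dev" || return 1
  fi
  record_erase "$serial" "diskutil secureErase 0" "$log"
}

# Constructed samples of `diskutil info` output (not captured from a real Mac).
SAMPLE_EXT_HDD='   Device Identifier:         disk4
   Whole:                     Yes
   Device Location:           External
   Solid State:               No'
SAMPLE_INT_SSD='   Device Identifier:         disk0
   Whole:                     Yes
   Device Location:           Internal
   Solid State:               Yes'
```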

Comparison Table

Condition            Method                     NIST Level   Notes
Apple Silicon boots  EACS / Jamf EraseDevice    Purge        Fast, cryptographic erase
Intel + T2 boots     EACS / Jamf EraseDevice    Purge        Same as Apple Silicon
Intel no T2          Parted Magic / Blancco     Purge        Requires overwrite or sanitize
Target Disk Mode     Secure erase via host      Purge        Use certified tool for SSD
Device dead          Physical destruction       Destroy      Shred, melt, pulverize

Best Practices

  • Always verify sanitization.
  • Maintain logs or certificates.
  • Align with organizational policy for NIST compliance.

Details

Article ID: 3010
Created
Fri 11/14/25 3:10 PM
Modified
Fri 11/14/25 3:13 PM