Department of Defense Hard Drive Destruction

CUI Controlled Unclassified Information Destruction
Tell us about your project

Department of Defense Hard Drive Destruction Compliance

Complying with the Department of Defense  hard drive destruction regulations require specific methods, timing, personnel and documentation.  It is important for organizations holding Controlled Unclassified Information (CUI) must follow these policies, standards and methods during the digital media disposition process.

NSA Requirements for data destruction

The goal of destroying Controlled Unclassified Information (CUI) is to render the information unreadable, indecipherable, and irrecoverable.

Defense Counterintelligence and Security Agency

CUI Destruction Requirements

DoD approved methods for the destruction of computer hard drives and other digital media are to disintegrate, pulverize, mangle or shred.  The key component for compliance is to damage the hard drive enough where there is reasonable assurance that the data cannot be reconstructed.

Shredded hard drive torn into half

Timing of Destruction

The Department of Defense requires organizations destroy digital media containing classified information as soon as possible after the decision is made.  Digital media should remain in locked and secure location until the digital media is destroyed. 5-704 Destruction


Method of Destruction

Digital media may be destroyed by shredding, melting, pulverizing.  5-705 Methods of Destruction. see shredding video.


Witness the Destruction

Access and destruction of hard drives must be by authorized and qualified personnel only.  SECRET and CONFIDENTIAL material requires only one person.  TOP SECRET material requires two people be present.  5-706 Witnessed Destruction.


Personnel and Documentation

Documentation shall indicate date, materials and list of authorized personnel present during the hard drive destruction process.  Data destruction personnel must have personal knowledge that the material has been destroyed  – Witnessed Destruction.  5-707 Destruction Records

NIST 800-88 data destruction

Defense Counterintelligence and Security Agency

The DCSA requires digital media and computer hard drives be rendered unreadable, indecipherable and irrecoverable.

To accomplish this goal, the DCSA directs organizations holding CUI and Covered Defense Information (CDI) to consult with the following governmental organizations for more detailed guidence.   NIST 800-88 Guidelines for Media Sanitization or the National Security Agency – “NSA Media Destruction Guidence” 

DEFARS 252.204-7012 “Safeguarding Covered Defense Information and Cyber Security Reporting”. 

This document addresses the security for Controlled Unclassified Information (CUI) and  Covered Defense Information (CDI) stored on digital media.  The manual details acceptable equipment and methodology for hard drive destruction.

In addition, this document directs Defense Contractors to NIST 800-171 “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations”.  This document focuses on compliance when it comes time to dispose of digital media including hard drives, SSDs, magnetic backup tapes and CDs in their possession.