NSA Compliant Hard Drive Destruction

The National Security Agency (NSA) and Central Security Services (CSS) has put together a manual entitled NSA/CSS Storage Device Sanitization Manual 9-12  detailing the proper methodology and equipment required for NSA compliant hard drive destruction.  In addition, the NSA/CSS Policy 6-22 “Handling of NSA/CSS Information Storage Media” assigns responsibilities for the secure handling of all NSA/CSS information media storage  These policies and manuals detail the acceptable equipment and methodology for hard drive destruction.

The 3 Steps to Comply with NSA Hard Drive Destruction Requirements

Compliance begins prior to erasing, degaussing and/or shredding!

Inventory 

Record the serial number of each hard drive to be destroyed.  Best practices, as well as NIST 800-88, require linking the hard drive to the originating machine and user.  A Certificate of Destruction with a list of serial numbers does not tell the whole story.  Where the drive came from and what information was stored on the drive is the trueTop Secret Classified hard drive objective.

Secure Storage

Once removed from machines, hard drives must be protected from access by unauthorized employees and visitors.  Storing 100’s of drives in the company’s warehouse, unused office or a hired electronic recycling facility leads to pilfering and unauthorized access.  By definition, this is a data breach.

Destruction

Degauss and destroy.  More specifically, degauss with a machine on the NSA Degausser Evaluated List.  Cheaper and less powerful degaussing machines do not have enough magnetic force to penetrate heavily shielded server drives.

The destruction of the hard drive consists of “physically damaging by deforming the internal platters…”  The NSA/CSS Policy Manual 9-12  “Storage Device Sanitization and Destruction Manual” does not require shredding the drive to a certain size. 

Degaussers

NSA Evaluated Degausser List
NSA Listed Degausser

Disintegration

NSA Listed  disintegration shredder for SIM Cards, Department of Defense Common Access Cards “CAC ID”, EMV Credit Card, Magnetic Strip Card, CD, DVD, and BluRay disks down to 2mm (required by the NSA).

NSA Evaluated Disintegrators
NSA Evaluated SSD Disintegration
The E-Waste Security disintegrator is on the NSA Evaluated Products List. CDs, credit cards, SIM cards are shredded to 2mm.