NSA Compliant Hard Drive Destruction

The National Security Agency (NSA) and Central Security Services (CSS) has put together a manual entitled NSA/CSS Storage Device Sanitization Manual 9-12  detailing the proper methodology and equipment required for NSA compliant hard drive destruction.  In addition, the NSA/CSS Policy 6-22 “Handling of NSA/CSS Information Storage Media” assigns responsibilities for the secure handling of all NSA/CSS information media storage  These policies and manuals detail the acceptable equipment and methodology for hard drive destruction.

Sanitization and Destruction Methods

NSA/CSS Storage Device Sanitization Manual 9-12 says the following hard drive destruction techniques are acceptable for DoD and NSA compliance.  Devices used for destruction must be on the NSA/CSS Evaluated Products List.  Hard drive must be deguassed first.

Classified SCI hard drive
Top Secret Classified hard drive

Degauss & Destroy

Aerospace and defense contractors are required to use the degauss and destroy method for data destruction on computer hard drives.  The NSA Central Security Service has designated which degaussing machines may be used for compliance.  Approved degaussing machines can be found on the NSA Evaluated Products List.  We are able to degauss and destroy a single 3.5” server hard drive in less than 10 seconds.

Disintegration is required for flash memory such as SSDs, USBs and cell phones as well as CDs, DVDs, SIM Cards and CAC ID cards.

NSA Evaluated Degausser List
NSA Listed Degausser

Disintegration

NSA Requires 2mm for destruction of CDs, DoD Common access Cards CACOur NSA Listed  disintegration shredder shreds SIM Cards, Department of Defense Common Access Cards “CAC ID”, EMV Credit Card, Magnetic Strip Card, CD, DVD, and BluRay disks down to 2mm (required by the NSA).

Solid state drives (SSDs) cannot be degaussed because they do not store data on magnetic media.  As such, NSA/CSS requires that SSDs and other flash media be disintegrated into 2mm particles.  This ensures that every chip on the flash drive is destroyed and data is not recoverable.  These CDs were disintegrated with a shredder listed on the NSA Evaluated Products List.

Most organizations that fall under NIST 800-88, HIPAA and PCI data destruction require that SSDs and other flash media be shredded to .375” (9.5mm).  This size shred ensures that all chips are destroyed.

NSA Evaluated Disintegrators
NSA Evaluated SSD Disintegration
The E-Waste Security disintegrator is on the NSA Evaluated Products List. CDs, credit cards, SIM cards are shredded to 2mm.