NSA Compliant Data Destruction

Hard Drive Destruction Best Practices

NSA Compliant Data Destruction

The National Security Agency (NSA) and Central Security Services (CSS) has put together a manual entitled NSA/CSS Storage Device Sanitization Manual 9-12  detailing the proper methodology and equipment required for NSA compliant hard drive destruction.  In addition, the NSA/CSS Policy 6-22 “Handling of NSA/CSS Information Storage Media” assigns responsibilities for the secure handling of all NSA/CSS information media storage  These policies and manuals detail the acceptable equipment and methodology for hard drive destruction.

Compliance begins prior to erasing, degaussing and shredding.

hard Drive destruction projects for the City of Los Angeles
Hard drive destruction projects NASA in Pasadena
Hard drive destruction project for the Office of the Inspector General Health and Human Services
Scanning serial numbers for NIST 800-88 Compliant Data Destruction

Record Hard Drive Inventory

Record the serial number of each hard drive to be destroyed.  Best practices, as well as NIST 800-88, require linking the hard drive to the originating machine and user.  A Certificate of Destruction with a list of serial numbers does not tell the whole story.  Where the drive came from and what information was stored on the drive is the true

Secure Drives in a locked Storage Container

Once removed from machines, hard drives must be protected from access by unauthorized employees and visitors.  Storing 100’s of drives in the company’s warehouse, unused office or a hired electronic recycling facility leads to pilfering and unauthorized access.  By definition, this is a data breach.

Locked Container Hard Drives
locked container for hard drives

Physically Destroy Hard Drives and Digital Media

Degauss and destroy.  More specifically, degauss with a machine on the NSA Degausser Evaluated List.  Cheaper and less powerful degaussing machines do not have enough magnetic force to penetrate heavily shielded server drives.

The destruction of the hard drive consists of “physically damaging by deforming the internal platters…”  The NSA/CSS Policy Manual 9-12  “Storage Device Sanitization and Destruction Manual” does not require shredding the drive to a certain siz

Compliant Data Destruction