NSA/CSS Policy Manual 9-12
Covered Entities: Government Agencies
Governed by the National Security Agency
The National Security Agency and Central Security Service NSA/CSS Policy Statement 9-12 “NSA/CSS Storage Device Sanitization” provides guidance for sanitization of information on storage devices for disposal. information stored on these devices may range from Unclassified to Classified and Top Secret. This manual applies to all NSA/CSS elements and pertains to all storage devices utilized by NSA/CSS elements, contractors, and personnel.
Unlike most other data disposal policies, NSA/CSS Policy Manual 9-12 provides clear and precise requirements on secure disposal and destruction of data bearing media. NSA/CSS Policy Manual 9-12 also provides information on how to obtain NSA/CSS Evaluated Products Lists (EPLs) that meet NSA/CSS specifications.
NSA EPLs are lists that breaks down what devices have been tested and approved by the NSA to meet the necessary physical destruction requirements for all types of data bearing media. ONLY devices listed on the NSA/CSS EPLs are allowable for the destruction of Classified and Top Secret information. There are seven lists total, as well as a guide that cover a variety of devices used to destroy different media that can hold and store sensitive data. The lists are as follows:
- NSA/CSS Storage Device Sanitization Manual
- NSA/CSS Evaluated Products List for Hard Disk Drive Destruction Devices
- NSA/CSS Evaluated Products List for Magnetic Degaussers
- NSA/CSS Evaluated Products List for Optical Destruction Devices
- NSA/CSS Evaluated Products List for Paper Disintegrators
- NSA/CSS Evaluated Products List for Paper Shredders
- NSA/CSS Evaluated Product List for Punched Tape Disintegrators
- NSA/CSS Evaluated Product List for Solid State Disintegrators