Does the NSA Evaluate Hard-Drive Shredders?
Is the Hard-drive Shredder You Offer NSA Approved?
The short answer to both questions is “No”! Here is the rest of the story.
The NSA approved way to sanitize a classified hard drive (HDD) is to degauss it in a National Security Agency (NSA) evaluated degausser. Once degaussed, the NSA strongly recommends that drives be further damaged by bending or punching before disposal. This is described in the NSA’s Storage Device Sanitization Manual.
In 2010 and 2011 the NSA wanted to set some minimal standards for HDD destruction, so they started to test equipment. They started reviewing the various machines available that would bend or punch HDDs. They tested different brands/types of HDDs to make sure the damage was consistent. Next, they started looking at durability and safety. Then they set a maximum of thirty seconds as the cycle time a device can take to destroy a HDD. That brings us to the current Evaluated Products List (EPL) for Hard Drive Destruction Devices. All of the devices on the EPL are categorized as bending or punching devices.
What about hard drive shredders? Where do HDD shredders come into the picture?
Take a look at these photos.
The shred samples here came from an SEM Hard Drive Shredder:
This picture is an HDD that was punched/crushed in the SEM Model 0101 HDD Crusher:
The reason the NSA hasn’t felt the need to test the HDD shredders is because there is no doubt that the damage caused to a HDD by shredding is far beyond anything done by any of the bending or punching devices.
So if you have the volume to justify shredding and want to bolster your security program, the NSA is fine with shredding.
Note: If after reading this you still have concerns about shredding classified hard-drives, contact the Center for Storage Device Sanitization Research (CSDSR) at the NSA: CSDSR@nsa.gov