DIN (German Institute of Standards*) standards for shredding documents have been available for years and have gained acceptance for unclassified applications. It has come to our attention that this German national organization is now preparing new standards for the secure destruction of hard-drives that will be released next year. Since German firms manufacture a large share of the paper shredders sold worldwide, these standards will be considered as equipment is purchased. So I thought it might be a good time to discuss how they might differ with Federal Government programs. Here are the new standards as proposed:
Security Level Proposed NEW DIN Standard
1 Hard drive mechanically or electronically inoperable
2 Hard-drive damaged
3 Hard-drive deformed
4 Hard-drive multiply divided and deformed. Maximum particle surface
2,000² mm (approx. 1.76” X 1.76”)
5 Hard-drive multiply divided and deformed. Maximum particle surface
320 mm² (approx. .7” X .7”)
6 Hard-drive multiply divided and deformed. Maximum particle surface 10
mm² (.12” X .12”)
7 Hard-drive multiply divided and deformed. Maximum particle surface
5mm² (.08” X .08”)
Note that Levels 1-3 are about damaging drives. Levels 4-7 are maximum shred sizes.
Although the DIN standards may be helpful in the commercial world, they will have no standing in the classified world. Classified magnetic (rotational) drives will still need to be degaussed using a National Security Agency (NSA) listed degausser. Once the information is destroyed by degaussing, you can decide what further procedures you want to employ to secure your drives. The only guidance the NSA provides is that it is highly recommended that drives be further damaged. This is noted in the agency’s Storage Device declassification Manual (SDDM). What this means is that as a Security or IT Manager, you have the discretion to decide what method best fits your organization. That’s why there are a wide range of methods available to damage your drives.
If your volume is modest or your application tactical, punching drives after degaussing may be the best option. Punching is the most popular destruction method. The equipment takes less space and is less expensive. Automatic models are available that plug into a standard 115 volt outlet with a 10 second cycle. The better ones will punch out the whole spindle and damage each drive platter. Manual models are available that require no power but your own.
Believe it or not, Hard-drives can be shredded in modest volumes with an office model using a dedicated 115 volt outlet. Heavier volumes (more than 250 per week) can be handled by some of the more powerful three-phase models available. You can also choose from many shred sizes. We offer 1.5”, 1”, and ¾” shred sizes in our standard models.
These new standards are not relevant for the destruction of classified Solid State Drives either. The NSA policy (SDDM) for SSDs is that you should “…disintegrate into particles that are nominally 2 millimeter edge length in size using an NSA/ CSS evaluated Disintegrator…” Even if a product could shred to the new Level 7 standard, it would not meet the requirement. Level 7 is close, but not quite small enough.
To summarize, you may see these Level 1-7 standards mentioned in coming years. Standards like this are good and needed in the corporate world. Just understand they have no standing in the classified world.
* DIN (Deutsches Institut für Normung e.V.)