ISO/IEC 21964 (DIN 66399) Standards
UPDATE August 2018: DIN 66399 has been globally standardized to ISO/IEC 21964.
The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), which together form the specialized system for worldwide standardization, have established a joint technical committee, ISO/IEC JTC, in the field of information technology. In August of 2018, ISO/IEC JTC internationally standardized the German Institute for Standardization’s DIN 66399 terms and principles for the destruction of information technology data carriers. This standard, ISO/IEC 21964, is now referenced by organizations at an international level when specifying data destruction requirements. The materials referred to in its security levels are identical to those referenced in DIN 66399.
DIN Standards are the result of work at the national, European, and international level. Proposals for new standards are submitted and, once accepted, the standards project is carried out according to set rules of procedure by the relevant DIN Standards Committee, the relevant Technical Committee of the European standards organization CEN (CENELEC for electrotechnical standards), or the relevant committee at the International Standards Organization, ISO (IEC for electrotechnical projects). DIN Standards are reviewed at least every five years. If a standard no longer reflects the current state of technology, it is either revised or withdrawn.
Three Protection Classes of DIN 66399
The protection requirement of data is classified into three classes. To determine the specific protection requirement and the resulting protection class, it is necessary to assess the data type.
- Class 1 is for the Normal Protection required for Internal Data, where disclosure would have a negative impact on a company or pose a risk of identity theft for an individual.
- Class 2 is for the Higher Protection required for Confidential Data, where disclosure would have a considerably negative effect on a company or could breach its legal obligations, or pose a risk of adverse social or financial standing for an individual.
- Class 3 is for the Very High Protection required for Confidential and Top Secret Data which, if disclosed, could have terminal consequences for a company or government entity, and pose a health and safety or personal freedom risk to individuals.