NIST Guidelines vs. the NSA EPL on Hard Drive Destruction: Clearing Up Confusion

February 5, 2019 at 5:44 pm by Heidi White

Over the 20 years I have been working for SEM, I have explained the requirements for classified destruction to customers and former military colleagues. Lately these requirements have become stricter due to ever-changing technologies. It’s not as easy as just putting your paper in a shredder or disintegrator and walking away knowing your classified is destroyed. Your classified now comes on many types of media. With so many types of media, a requirement had to be set forth by the National Security Agency (NSA) as to how these needed to be destroyed. We will discuss destroying hard drives as it relates to the National Institute of Standards and Technology (NIST) 800-88 and NSA Evaluated Products List (EPL) for Hard Drive Destruction.

For this blog, I will give only a brief overview of the destruction of hard disks (SCSI, ATA, SATA). NIST 800-88 explains on page 16, Table 5-1, that there are three methods of destroying hard disks. The first is to CLEAR. This method uses software to overwrite the storage space on the media with non-sensitive data (unclassified) and gives you the option to reuse your hard drive. The second is to PURGE. This method uses degaussing and the Secure Erase command present on some ATA drives. Again, this method is very effective for unclassified drives. The third method is PHYSICAL DESTRUCTION. This method is the standard for classified data and it destroys the drive by using disintegration, pulverization, melting, or incineration.

SEM’s NSA listed Model EMP1000-HS degausser is an ideal solution for rotational hard drives; however, degaussing has NO effect on solid state media.

The second paragraph of the NSA/CSS EPL for Hard Drive Destruction Devices states, “Hard drive destruction devices on their own DO NOT SANITIZE magnetic and/or solid-state storage devices; use of these machines is only authorized in conjunction with degaussing for routine magnetic hard disk drive sanitization or by themselves only in extreme emergency situations. Sanitization guidance for classified storage devices is located in the NSA/CSS PM 9-12 Storage Device Sanitization Manual.” This leads you to believe that degaussing could be used on a solid state drive (SSD). This is misleading! A magnetic field created by a degausser will cause no damage to an SSD. A degausser will only destroy information on a standard rotational magnetic drive.

Classified SSDs must be disintegrated to a 2mm particle size.

The third paragraph states, “All shredders designed for hard drives are approved for deformation of magnetic hard drive platters. Shredding alone will NOT SANITIZE magnetic and/or solid state storage devices unless a two-millimeter particle size or less of the magnetic disk or solid-state memory chip is accomplished in accordance with NSA/CSS PM 9-12 Storage Device Sanitization Manual.” This states that if you have a hard drive or SSD, you can shred it to a 2mm particle to sanitize the drive. This is confusing. Although the NSA guidelines REQUIRE you to reduce a classified SSD to a two-millimeter particle to render the device sanitized, the machine that does this may not be able to shred a standard magnetic hard disk drive to this two-millimeter particle. This is due to the size and materials used in the manufacturing of a magnetic hard disk.

In conclusion, completely destroying the information on a drive is a two-step process for a magnetic hard drive and a single-step process for an SSD.

A magnetic disk MUST BE degaussed using an NSA approved degausser THEN physically destroyed. This second step of physical destruction is left up to the end user and can vary greatly. It can be as simple as drilling a hole in the drive, hitting it several times with a hammer, or using a hydraulic punch or hard drive shredder. A solid state drive MUST be shredded to a two-millimeter particle and cannot be degaussed.

If you have any questions or would like to talk to a security professional, feel free to reach out to me or any SEM representative.

Karl Lotvedt, DC Region Sales Support, has over 20 years of experience with SEM, including targeted expertise in understanding military procedures and requirements. Prior to joining SEM, Karl spent 20 years in the United States Air Force including over five years in procurement. Now retired from the Air Force, Karl currently serves as an Air Force resource advisor. Karl received his AA and CIS from National College in Rapid City, SD.

Solid State Devices: Destruction Overkill?

September 19, 2018 at 8:54 pm by Heidi White

Organizations frequently use paper shredders and computer media destroyers that are approved for the highest security materials they ever have, using that equipment for all of their materials in a single stream process. Also common is to get the highest security level device that is available, even if it goes well beyond the level of destruction mandated for or customarily used for the materials they actually have. This could be called a “better safe than sorry” philosophy for media destruction.

For some information destruction equipment, like office paper shredders, choosing the most secure equipment for everything can often work out alright.  This choice will almost always be more costly than selecting the minimum security level device for each type of material for which it will be used.  However, a greater cost is often accepted in return for the confidence of having the greatest possible degree of information destruction.  For paper shredders, the highest security level means the smallest particle size, typically produced by NSA listed models.

The situation for solid state media destroyers is very different. As a rule, dramatically greater hassle and cost will come from choosing the most secure possible device. Solid state materials include whole solid state drives, flash memory sticks, thumb drives, circuit boards with flash storage, cell phones, and some smart cards. The highest security level for destroying these types of materials is the NSA standard, currently set at a maximum of 4mm squared, with compliant devices typically producing a particle size of 2mm x 2mm. This particle size is required by the NSA for classified solid state items.

At the time I am writing this, the choices for NSA listed SSD destroyers are minimal.  There is only one office friendly device with extremely limited capabilities.  There are also a couple of large industrial type devices suited for folks with large spaces and large budgets.  With the current set of choices, getting an NSA listed SSD destroyer means enormous costs. Adding to the large initial cost, operational labor (due to very slow throughput), replacement parts, repairs, and preventive maintenance are very high for these machines.

The reality is that many organizations don’t need an NSA level of destruction for all of their solid state materials. Often the classified items are only a very limited part of the mix. In these cases, there are a few ways to save a lot of money and hassle. If none of the solid state items to be destroyed are actually classified, there are machines that are many times faster, much more rugged, and are a small fraction of the cost of the NSA listed machines. These devices produce high to extreme levels of destruction, well beyond any reasonable likelihood of reconstruction of any data. If only a portion of the items in the mix is classified material, a major bump in productivity plus significant savings can come from using one of these lower cost devices for the unclassified items. Even if an NSA listed SSD destroyer is brought in, the load on it can be reduced by using a second machine for the unclassified materials. This type of dual stream process can save many times the cost of the second machine in terms of reduced purchases of repairs, maintenance, and spare parts.

When it comes to solid state media destruction, for folks whose materials are all or mostly unclassified, going with general purpose SSD destroyers offers these benefits over NSA listed SSD destroyers:

  1. Up to 20 times faster throughput
  2. Minimal service needs, even zero service needs through thousands of cycles
  3. Ability for most models to take whole SSDs with no assembly
  4. Models that run off of regular 120V wall current
  5. Dramatically lower cost for the equipment, ongoing service, and parts

Of course, technologies change over time.  New products will surely come out.  NSA certifications will change.  It is a moving parade over longer time scales.  But, for now, a great strategy for dealing with solid state media destruction that is partly or totally unclassified is to get a good general purpose SSD destroyer that provides a satisfactory level of destruction.

Bob Glicker, Mid-Atlantic Regional Sales Manager, has over 35 total years of sales experience with over 23 years of targeted government sales experience. Bob prides himself on providing the highest level of service to his government clients, and he enjoys working with key resellers. Bob received his BS in Chemistry from the University of Maryland, College Park. In his free time, Bob enjoys a variety of activities including gym workouts, cycling, reading, and listening to podcasts. He is also an avid science lover, an amateur juggler, a vegetarian, and the quintessential family guy.