The NSA EPL: The Policy that Protects Your Data

June 14, 2019 at 6:40 pm by Paul Falcone

In today’s world, the amount of personal data accessible in your hands grows by the day. As our data grows, so do our security concerns about how that data is accessed and how it should properly be destroyed. Luckily, there is a guideline that keeps an up-to-date record of the products proven to destroy data to the point of no return: the Evaluated Products List (EPL) by the National Security Agency/Central Security Service.

What is the NSA EPL?

The NSA EPL is a series of lists that break down which devices have been tested and approved by the NSA to meet the necessary physical destruction requirements for all types of data-bearing media. For top secret data, these requirements include a 1mm x 5mm final particle size for paper and a 2mm particle size for DVDs and Blu-ray Discs. There are seven lists in total, as well as a guide, covering a variety of devices used to destroy the different media that can hold and store sensitive data. The lists are as follows:

  • NSA/CSS Storage Device Sanitization Manual
  • NSA/CSS Evaluated Products List for Hard Disk Drive Destruction Devices
  • NSA/CSS Evaluated Products List for Magnetic Degaussers
  • NSA/CSS Evaluated Products List for Optical Destruction Devices
  • NSA/CSS Evaluated Products List for Paper Disintegrators
  • NSA/CSS Evaluated Products List for Paper Shredders
  • NSA/CSS Evaluated Product List for Punched Tape Disintegrators
  • NSA/CSS Evaluated Product List for Solid State Disintegrators

Why is the NSA EPL Important?

On January 23, 1968, the U.S.S. Pueblo was in international waters aiding South Korea, gathering and intercepting codes and messages from the North Koreans, when the ship came under siege. Crew members attempted to destroy the cryptologic materials that were used to decode secret messages, with one man being killed and three wounded. The North Koreans ended up seizing the ship and all of its crew, keeping the 82 surviving crew members captive for 11 months. The event represented the largest single loss of sensitive data in US history. It was this very event that inspired the creation of the first SEM disintegrator, as SEM founder Leonard Rosen sought a solution for the Navy to destroy data in case this ever happened again.

Original oil painting depicting North Korean attack by artist Richard DeRosset commissioned by SEM. North Korean ship and aircraft numbering is exact for the attacking forces.

On February 1st, 2003, the Columbia space shuttle tragically disintegrated upon reentering Earth’s atmosphere after 17 days in space. As the pieces of the shuttle burst into flame and hurtled towards Earth at high speeds, a hard drive that contained data from the expedition landed in a riverbed in Texas. This hard drive stayed in the riverbed for over six months through all forms of weather until it was discovered and sent to Ontrack to attempt to recover the data.

A look inside the drive that fell from the Columbia shuttle

After a team of engineers got to work, they were able to reconstruct the rotational drive and recover over 99% of the data on it. A drive that fell from outer space, on fire, and then sat in a riverbed for over six months still had its data recovered.

What do these stories have to do with the NSA EPL? Without a set of standards, what people consider destroyed, or how people think data is protected, would be very, very different from what is actually needed to ensure complete physical destruction. By having these standards and a push for devices that can meet them, data that needs to be protected to keep people safe around the world can be properly disposed of. This ranges from your own Personally Identifiable Information (PII) to our nation’s and military’s largest secrets that protect millions of lives.

That means whether it’s designing destruction machines that fit specific dimensions of naval ships, or building a shredder that can destroy hard drives better than falling through the atmosphere, the NSA EPL has the specifications that ensure all data has a proper end-of-life solution.

At SEM, we take pride in being the global leader in high security end-of-life solutions. As such, we are constantly ensuring that our machines meet the latest standards provided by the NSA, and using our expertise to educate the community at large to keep the data of both the government and US citizens safe.