Secure Data Destruction – The NSA Standards

Founded back in 1952 under President Harry Truman, the National Security Agency (NSA) has a long history of playing a role in setting the standard for information gathering and data security within the federal government. Currently, the NSA sets the standard for data destruction across the entire U.S. Intelligence Community, which is comprised of 17 agencies and organizations under the Director of National Intelligence.

Periodically, the Agency’s Center for Storage Device Sanitization Research (CSDSR) division publishes procedural guidance for the sanitization, declassification, and release of IT storage devices in its document titled “NSA/CSS 9-12”, and approved data destruction equipment in its “Evaluated Product List”. Additionally, standards and procedures are published for multiple media types including paper, hard drives, optical drives, paper and magnetic tape, and almost any other data-bearing media. These documents contain important information that every IT professional should know about the NSA’s standards and procedures regarding data security.

The NSA defines secure data destruction as having two distinct characteristics:

  1. All of the data must be completely neutralized
  2. The data must have zero chance of recoverability

This leaves only three primary methods that provide true data destruction, according to the NSA definition:

  1. Disintegration/size reduction of solid state device media to 2mm x 2mm
  2. Smelting/incineration by furnace at a temperature of no less than 1,600 degrees Celsius
  3. Degaussing with specific technology through approved methods

In other words, aside from drastic measures to ensure complete physical destruction, degaussing is the ultimate form of data destruction. Not just any degausser can be used, however. Before publishing their findings in the Evaluated Products List, highly skilled engineers and technicians at the NSA CSDSR laboratory validate that equipment manufacturers meet their strict requirements. For degaussers, this means that magnetic fields must be strong enough to fully destroy data, and that they run both perpendicular and longitudinal.

At Lifespan, our clients are often seeking to eliminate data from hundreds, if not thousands of hard drives or tapes. In these cases, there is a growing sensitivity to both the speed of processing and the security of tape or hard drive residue when performing alternative, physical destruction processes. I believe the NSA’s primary approved methods listed above will satisfy the growing and frequent need for fast, high-volume, and high-security data destruction.

For commercial enterprises that seek to manage risk and protect themselves from privacy breaches, regulatory violations, or even a damaged company reputation, the NSA standards are useful for setting policies, creating processes, and choosing equipment to ensure data security. Organizations should standardize on degaussing equipment approved by NSA-EPL or use a service vendor that has done so.

At Lifespan, we want to help you keep your data secure and manage risk. Call us at (888) 720-0900 or contact us to speak with an ITAD professional who can further discuss NSA standards, how degaussing may be a more secure alternative to your current data destruction process, and what Lifespan can do to help.
