Standards
Need for Standards
Without a set of standards, what people would consider destroyed, or how people would think data is protected, would be very, very, different from what is actually needed to ensure complete physical destruction. By having these standards and a push for devices that can meet these standards, data that needs to be protected to keep people safe around the world can be properly disposed of. This ranges from your own Personally Identifiable Information (PII) to our nation’s and military’s largest secrets that protect millions of lives.
US National Institute of Standards and Technology, NIST SP 800-88 Rev 1
The NIST SP 800-88 Revision 1 (Full name being National Institute of Standards and Technology Special Publication 800 - 88 Revision 1 - Guidelines for Media Sanitization) is the current internationally recognized standard for organizations and agencies looking to sanitize data and storage medium leaving their organizational control.
More information here:
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf
NSA CSS 9-12 Policy Manual
The NSA/CSS Policy Manual 9-12 - Storage Device Sanitization And Destruction Manual provides routine guidance for sanitization of information system (IS) storage devices for disposal or recycling in accordance with Department of Defense (DoD) Manual 5200.01, Volume 3, “DoD Information Security Program: Protection of Classified Information” (Reference a), Intelligence Community Standard 500-34, “Electronic Waste (EWaste) Management and Disposal” (Reference b), and NSA/CSS Policy 9-12, “Storage Device Sanitization and Destruction” (Reference c). Information stored on these devices may range from UNCLASSIFIED to TOP SECRET and may include compartmented, sensitive, or limited distribution material. Furthermore, this manual provides information about how to obtain current listings of evaluated sanitization equipment that meets NSA/CSS specifications.
More information here:
National Security Agency, NSA Evaluated Products List (EPL)
The Evaluated Product List (EPL) by the National Security Agency/Central Security Service is a guideline that continues to update the products that are proven to destroy data to the point of no return.
More information here: