We can assist organizations of all sizes and with different levels of security needs. While we can achieve the highest standards for classified IT destruction, we customize our processes to achieve your organizations required outcomes. Our customers include federal agencies, military units, law enforcement departments, healthcare operations, financial institutions, local government, and more organizations. Contact us for a custom recommendation and quote for your organization's specific needs.

Being located out of Mansfield, Ohio presents many advantages to our business. We are within 600 miles of 60% of the United States population. Depending on the volume of your IT equipment requiring destruction, we can support any location within contiguous 48 States. 

Email us to see how Mansfield Tech can help with your IT Asset Disposition problems.

contact@mansfieldtech.us

NIST 800-88 and 800-53 outline recommendations and security controls based upon the sensitivity of data, but your organization is responsible to  evaluate and choose appropriate security controls. 

For classified data, Combined Federal Regulations require all organizations regardless of agency, military branch, and contract vehicle to follow NSA guidance. 

Mansfield Technologies only utilizes destruction equipment which has been evaluated by the NSA. Our certificates of destruction also achieve these standards outlined by the NSA and NIST 800-88. By following these policies, controls and standards during IT disposition your organization, by default, exceeds all other standards outlined for specific industries such as regulations  and controls outlined in HIPPA, GDPR, SOX, GLBA, ISO 27799, PCI DSS and others.

After destruction, the resulting by-products are taken off site by Mansfield Tech. These materials contain many precious metals which recycling companies can recover for re-use in future products. 

Unlike many of our competitors, we will NEVER resell your sensitive hardware intact. Some inert components such as cables, heat sinks, server chassis, rack frames, certain models of power supplies, and more can be recycled posing no risk to organizations. 

We work with each customer to clearly communicate which components require destruction and which components we recommend intact recycling. In some cases we can verify the statement of volatility for components in question. If we are ever uncertain our policy is "when in doubt, shred it out".  All recycling partners either hold R2 or e-Stewards certifications.

Cryptographic Erasure is the digital equivalent of throwing your data in a safe and destroying the key to open that safe. The data isn't actually destroyed, just encrypted. The gold standard for encryption today is Advanced Encryption Standard and most organizations today use either 128 bit or 256 bit keys to protect their data. AES has been a fantastic standard and was selected in 2001 by the U.S. National Security Agency to protect classified data. However, Quantum computers are no longer far off science fiction. Both the NIST and the NSA are concerned if AES will hold up against Quantum attacks. While AES 256 is currently considered Quantum "resistant" by the NSA, nobody knows for certain. In 2022 the White House directed the heads of all executive departments and agencies to prepare for post-quantum encryption. It is very possible all encryption available today could be easily broken by 2030. This is why Mansfield Tech recommends even private companies holding PII, PHI, and other sensitive customer information to destroy their Data Bearing Components and not trust encryption alone.

Overwriting hard disk drives with patterns of ones and zeros was a common method of data sanitization. In 1995 the Department of Defense published 5220.22-M which specified a "3 pass" method of sanitization. Then in 2001 due to rising security concerns this manual was updated to a 7-pass method. Eventually in 2011 the DoD abandoned allowing overwriting when sanitizing their sensitive data at the end of it's useful life. In 2021, the NISP Operating Manual became effective as a federal regulation. This is commonly refereed to as "NISPOM rule: and it no longer even refers to overwriting as a sanitization method. 

You occasionally still see companies claiming to follow this standard or to be DoD 5220.22 "compliant". This is now a dead give away of a organization which has failed to keep up with modern sanitization standards. 

Why was overwriting abandoned? Primarily due to new storage technologies being developed and the time needed to implement 3 or 7 pass overwrite methods. Flash based media contain spare cells and perform wear leveling; this makes it infeasible for a user to sanitize all previous data using overwriting. Additionally the data storage capacity (number of read/write sectors) has grown exponentially. In 2002 a high end new hard drive was ~100GB, today 10TB hard drives are available. The time required to overwrite a 10TB hard drive makes the process unpractical. 

DoD 5220.22 was a government focused standard which many private sector companies latched onto during the 2000s. NIST 800-88 was developed to provide a larger scope of media sanitization guidelines for commercial organizations. NIST does still list overwriting as a method of sanitization, but the number of passes have been dropped. NIST 800-88 allows for other techniques such as encryption, factory resets, and block erasure to be viewed as sanitization. But 800-88 is full of caveats and references to different security levels. But All sanitization techniques (including overwriting) are not viewed as appropriate for all commercial security levels. NIST puts the responsibility upon organizations to select appropriate sanitization methods.