DON'T LET A DATA BREACH DEVASTATE YOUR BUSINESS.
What do you do with your old IT hardware? How certain are you that old IT equipment doesn't pose a risk to your organization?
Many organizations responsible for safeguarding confidential and classified data struggle with how to dispose of IT equipment at its end of life.
This is our specialty; let us help you.
Intelligent IT Asset Disposition (ITAD).
Mansfield Tech is bringing our technical skills to the IT Asset Disposition market. We want to help your organization reduce security vulnerabilities, while also responsibly recycling IT Assets. We will work with your team to examine your risk profile and can help you achieve the highest security standards outlined by the National Security Agency (NSA) and the National Institute of Science and Technology (NIST).
Mobile Destruction Trucks
We offer mobile destruction services which can destroy up to classified national security data. Your IT assets are physically destroyed on-site under your supervision. Once destruction activities have been completed, we will provide your organization with a Certificate of Destruction (CODs) which can achieve the standards outlined in NIST 800-88 and NSA PM 9-12.
These COD will prove that your organization destroyed your data at the highest levels and will build confidence with your customers. All destroyed by-products have been proven by the NSA to pose minimal risk to your organization. These by-products are then taken off site and recycled to recover the raw materials.
CONSULTATION
We also have the technical expertise to advise you on which destruction techniques are appropriate for different types of computer hardware.
Mansfield Technologies LLC is a certified SDVOSB founded by a 10 year veteran of the U.S. Army Signal Corps, who also has additional 6 years experience supporting the U.S. Intelligence Community. We are a company of veterans, members of the National Guard and Reserves, and former Intelligence Community members. We can provide staff with TS/SCI and ISA/TS clearances with the U.S. Government.
If you choose Mansfield Tech to be your ITAD partner, you can sleep a little easier at night knowing your old IT hardware has been destroyed securely and recycled responsibility.
email: contact@mansfieldtech.us
UEI: SKVZDQ3WXKM3
DOD CAGE: 9P0F2
NOTHING IS BURGLAR PROOF, FIRE PROOF, OR BULLET PROOF; EVERYTHING IS RESISTANT. THE SAME APPLIES TO CYBER SECURITY.
Hard disk drives, Solid State drives, M.2 drives, tape, floppy disks, RAID cards, SD cards, USB drives, the list of computer hardware which could hold sensitive data seems to grow every day. If it is smart, it is vulnerable. Mansfield Tech can assist you in determining which hardware needs to be destroyed and how to properly destroy it. We can also help you determine which NIST 800-88 security level to follow or if you need to achieve NSA PM 9-12.
Secure Mobile Electronic Destruction Vehicles come to your specified location. This allows your staff to observe all destruction processes. Destruction of Customer Data Bearing Components (AKA "Media") remains under your supervision and you will have peace of mind knowing that all your data has been destroyed to NSA and NIST standards.
WHO DO WE SERVE?
We can assist organizations of all sizes and with different levels of security needs. While we can achieve the highest standards for classified IT destruction, we customize our processes to achieve your organizations required outcomes. Our customers include federal agencies, military units, law enforcement departments, healthcare operations, financial institutions, local government, and more organizations. Contact us for a custom recommendation and quote for your organization's specific needs.
Being located out of Mansfield, Ohio presents many advantages to our business. We are within 600 miles of 60% of the United States population. Depending on the volume of your IT equipment requiring destruction, we can support any location within contiguous 48 States.
Email us to see how Mansfield Tech can help with your IT Asset Disposition problems.
contact@mansfieldtech.us
WHICH DESTRUCTION STANDARD IS RIGHT FOR YOU?
NIST 800-88 and 800-53 outline recommendations and security controls based upon the sensitivity of data, but your organization is responsible to evaluate and choose appropriate security controls.
For classified data, Combined Federal Regulations require all organizations regardless of agency, military branch, and contract vehicle to follow NSA guidance.
Mansfield Technologies only utilizes destruction equipment which has been evaluated by the NSA. Our certificates of destruction also achieve these standards outlined by the NSA and NIST 800-88. By following these policies, controls and standards during IT disposition your organization, by default, exceeds all other standards outlined for specific industries such as regulations and controls outlined in HIPPA, GDPR, SOX, GLBA, ISO 27799, PCI DSS and others.
WHAT HAPPENS POST DESTRUCTION?
After destruction, the resulting by-products are taken off site by Mansfield Tech. These materials contain many precious metals which recycling companies can recover for re-use in future products.
Unlike many of our competitors, we will NEVER resell your sensitive hardware intact. Some inert components such as cables, heat sinks, server chassis, rack frames, certain models of power supplies, and more can be recycled posing no risk to organizations.
We work with each customer to clearly communicate which components require destruction and which components we recommend intact recycling. In some cases we can verify the statement of volatility for components in question. If we are ever uncertain our policy is "when in doubt, shred it out". All recycling partners either hold R2 or e-Stewards certifications.
WHAT ABOUT CRYPTOGRAPHIC TECHNIQUES? (ENCRYPTION)
Cryptographic Erasure is the digital equivalent of throwing your data in a safe and destroying the key to open that safe. The data isn't actually destroyed, just encrypted. The gold standard for encryption today is Advanced Encryption Standard and most organizations today use either 128 bit or 256 bit keys to protect their data. AES has been a fantastic standard and was selected in 2001 by the U.S. National Security Agency to protect classified data. However, Quantum computers are no longer far off science fiction. Both the NIST and the NSA are concerned if AES will hold up against Quantum attacks. While AES 256 is currently considered Quantum "resistant" by the NSA, nobody knows for certain. In 2022 the White House directed the heads of all executive departments and agencies to prepare for post-quantum encryption. It is very possible all encryption available today could be easily broken by 2030. This is why Mansfield Tech recommends even private companies holding PII, PHI, and other sensitive customer information to destroy their Data Bearing Components and not trust encryption alone.
WHAT ABOUT OVERWRITING? (DoD 5220.22)
Overwriting hard disk drives with patterns of ones and zeros was a common method of data sanitization. In 1995 the Department of Defense published 5220.22-M which specified a "3 pass" method of sanitization. Then in 2001 due to rising security concerns this manual was updated to a 7-pass method. Eventually in 2011 the DoD abandoned allowing overwriting when sanitizing their sensitive data at the end of it's useful life. In 2021, the NISP Operating Manual became effective as a federal regulation. This is commonly refereed to as "NISPOM rule: and it no longer even refers to overwriting as a sanitization method.
You occasionally still see companies claiming to follow this standard or to be DoD 5220.22 "compliant". This is now a dead give away of a organization which has failed to keep up with modern sanitization standards.
Why was overwriting abandoned? Primarily due to new storage technologies being developed and the time needed to implement 3 or 7 pass overwrite methods. Flash based media contain spare cells and perform wear leveling; this makes it infeasible for a user to sanitize all previous data using overwriting. Additionally the data storage capacity (number of read/write sectors) has grown exponentially. In 2002 a high end new hard drive was ~100GB, today 10TB hard drives are available. The time required to overwrite a 10TB hard drive makes the process unpractical.
DoD 5220.22 was a government focused standard which many private sector companies latched onto during the 2000s. NIST 800-88 was developed to provide a larger scope of media sanitization guidelines for commercial organizations. NIST does still list overwriting as a method of sanitization, but the number of passes have been dropped. NIST 800-88 allows for other techniques such as encryption, factory resets, and block erasure to be viewed as sanitization. But 800-88 is full of caveats and references to different security levels. But All sanitization techniques (including overwriting) are not viewed as appropriate for all commercial security levels. NIST puts the responsibility upon organizations to select appropriate sanitization methods.
Don't cut corners.
Morgan Stanley hired a IT Asset Disposition company to handle their old IT Assets. There were two problems with this decision. First this company had "no experience or expertise in data sanitization services" according to the SEC. Second, Morgan Stanley failed themselves to sanitize the data before handing the hardware over to said moving company. This ITAD company had a financial motive to simply sell this hardware via third-parties as "refurbished" hardware. This resulted in Morgan Stanley's old IT hardware being sold on the internet with data still intact. This resulted in millions customers' private data being available on thousands of old hard drives to the highest bidder. The vast majority of these hard drives were never recovered. The liability and responsibility to protect this data was NOT with the moving company. When customers give YOU their personal data, YOU are responsible to protect that data. Morgan Stanley's failures resulted in fine of $35 million penalty from the SEC in 2022. Additionally they needed to settle a class action lawsuit with customers for $60 million and suffered a significant loss of trust.
Chris McDevitt
Founder and CEO
Brent Humberson
President