Is Your Classified Data Secure? The NSA's MUST-FOLLOW Rules for Data Destruction You Can't Ignore!
Don't be scared, just make a plan!
Data Destruction Requirements under the National Security Agency's Policy Manual 9-12
In today's world, data is a valuable asset, and its security is of utmost importance, particularly when it involves sensitive national security information. The National Security Agency (NSA) plays a critical role in protecting our nation’s data, and its guidelines on data destruction are integral to ensuring that national security classified information is kept secure and out of unauthorized hands.
One of the primary ways the United States Federal Government enforces data destruction standards for classified data is NSA Policy Manual 9-12, which outlines strict procedures for destroying classified and sensitive IT hardware such as hard disk drives. These guidelines are designed to prevent access to classified data even through exotic, laboratory-style attacks by nation-state actors such as the Russian GRU or Chinese MSS. Let’s take a closer look at the key data destruction requirements set forth in NSA Policy Manual 9-12.
Understanding the Importance of Secure Data Destruction
The NSA's policy on data destruction is not just about cleaning up storage devices; it’s about protecting national security. Improper disposal of sensitive information can lead to devastating consequences, including the unauthorized release of classified data, which could jeopardize both national defense and intelligence efforts. Therefore, adhering to the NSA's data destruction standards is a crucial aspect of maintaining operational security (OPSEC), protecting classified data, and often meeting contractual obligations.
The guidelines in NSA Policy Manual 9-12 help ensure that all information, whether in electronic or physical form, is securely destroyed to prevent any possibility of recovery or exploitation by adversaries.
Key Data Destruction Requirements under NSA Policy Manual 9-12
1. Final Disposition of Media
The NSA mandates that any media containing classified or sensitive data must be completely and securely destroyed when it is no longer needed. This includes:
Hard disk drives
Solid-state drives
Optical discs
USB drives
Tapes
Any other forms of digital or physical media containing sensitive data
The policy requires that all media be sanitized to prevent data recovery, and this destruction process must be irreversible, ensuring that no traces of the data remain.
2. Approved Methods of Data Destruction
NSA Policy Manual 9-12 provides a set of approved methods for data destruction, which must be followed to guarantee that data is thoroughly and securely destroyed. These include:
Degaussing and Destruction: For magnetic-based information systems media such as hard disk drives, tape drives, floppy drives, and Jaz drives, running the media under a powerful magnetic degausser will wipe out the data. The NSA then requires physical destruction after degaussing as an additional security measure. Hard drive destruction devices are evaluated to ensure they can deform the disk platters into "4 or more" pieces. Hard drive shredding equipment is also approved as a destruction device. Be sure to check the field strength of your degausser and document it before destruction operations. You need to ensure your degausser is working as intended to sanitize data.
Disintegration: For flash-based media or other forms of solid-state media, organizations can disintegrate down to 2mm dust. This includes media such as solid-state drives, printed circuit boards, USB drives, SD cards, and optical media such as DVDs. For solid-state disintegration machines, pay close attention to the equipment's "Acceptable Materials". Some destruction equipment will break when trying to destroy difficult media such as enterprise solid-state drives, because these have a higher metal content (heat sinks) than other types of solid-state media.
It is important to note that CLASSIFIED HARDWARE MUST BE DESTROYED ONLY BY NSA EVALUATED PRODUCTS. The NSA maintains "Evaluated Products lists" and tests destruction equipment manufacturer claims.
Incineration: The final option is incineration at 670 degrees C. This is approved for all types of media but has significant drawbacks. First, your organization must bring the classified IT hardware to the incineration facility. These classified material movements are quite expensive and labor intensive, and they present their own safety and security concerns. Second, some private sector organizations are hesitant to sign contracts directly with incineration facilities due to long-term legal liabilities under the EPA's Superfund laws. If the incineration facility goes bankrupt and the EPA declares the facility a Superfund clean-up site, the EPA has the authority to go through the books to see who used that facility. The EPA will then take these organizations to court to try to secure funds to pay for environmental clean-up. We cannot provide legal counsel; if you have additional questions, consult legal experts in this field.
3. Documentation of Destruction
NSA Policy Manual 9-12 stresses the importance of maintaining detailed records of data destruction activities and directs organizations to review NSA PM 6-22's "Administrative Declassification" section on documentation requirements. This documentation serves several purposes:
It provides an audit trail for compliance verification.
It helps ensure accountability, showing that destruction was carried out properly and securely.
It serves as evidence in case of audits or investigations.
The required documentation should include:
The type, manufacturer, and model number of media destroyed.
The serial numbers of media destroyed.
The method used for destruction (e.g. destruction, degaussing, disintegration, or incineration).
The date and time of destruction.
The classification of the hardware being destroyed.
The reason for the destruction and release of the media.
The personnel responsible for carrying out the destruction.
A government representative or information systems security office supervising the destruction activities.
Proper documentation is essential for both internal record-keeping and demonstrating compliance during audits or inspections.
4. Destruction of Backup and Redundant Copies
In addition to the primary copies of classified or sensitive data, backup copies and redundant storage devices must also be destroyed. Often, sensitive data is backed up to ensure redundancy and continuity of operations. These backups, regardless of their format, must be destroyed using the same methods and standards as the original data to prevent any risk of information leakage.
5. Third-Party Contractors and Data Destruction
The NSA recognizes that organizations may use third-party contractors to perform data destruction. In such cases, the NSA requires that these contractors comply fully with PM 9-12's standards. However, the NSA DOES NOT EVALUATE DESTRUCTION CONTRACTORS. It only evaluates destruction equipment manufacturers' machines. Every organization seeking to outsource its classified destruction to third-party vendors should explicitly outline the data destruction standards required.
Organizations must verify that any contractor they work with for classified destruction is fully compliant with NSA standards before entrusting it with data destruction responsibilities. If the contractor personnel are not cleared or read on to the classified program, they need to be supervised by 2 cleared personnel until all classified media is sanitized.
6. Security of Data During Destruction
NSA Policy Manuals 9-12 and 6-22 also mandate that appropriate security measures be taken while data is being destroyed. This includes ensuring that data is securely transported to destruction facilities, protecting data from unauthorized access during the process, and preventing leaks or breaches during the destruction phase.
We offer mobile destruction trucks and typically work with customers to set up a Temporary Secure Working Area (TSWA) to maintain control and accountability of classified materials. This usually involves guards, visual barriers, and customer support personnel.
7. Destruction of Physical Records
In addition to digital media, the NSA’s policy extends to physical records, including paper documents, that contain classified or sensitive information. These documents must be shredded or otherwise destroyed using evaluated destruction equipment. Simply discarding or recycling documents is not enough. Proper handling and disposal of physical records are just as crucial as digital data destruction.
Why Compliance with NSA Policy Manual 9-12 is Crucial
Adherence to the NSA's data destruction requirements is critical for national security. Improper destruction of sensitive or classified data could expose the U.S. government, military, or intelligence agencies to risks such as espionage, data breaches, or adversarial exploitation. It’s not just about protecting physical or digital assets—it’s about safeguarding the very systems that ensure the security of our nation.
Organizations that handle classified information, whether governmental or contracted, must remain diligent in their efforts to meet these destruction standards. This is not just a matter of policy—it’s a matter of national security.
Best Practices for Ensuring Compliance with the NSA Policy Manual 9-12
While NSA PM 9-12 offers clear guidelines for data destruction, successful implementation requires more than just following technical steps. Organizations should also:
Review Media Sanitization Obligations During RFP: Too many private sector companies have been caught off guard by classified media sanitization requirements and didn't account for this cost. Then, years into a contract, they realize they need to spend significant sums of money destroying classified hardware. Don't be scared of NSA PM 9-12; just plan for it and factor it into your bid.
Develop a Media Sanitization Plan: Speaking of planning, create and enforce a clear Media Sanitization Plan that outlines the procedures for sanitizing and disposing of data across all departments. This includes the secure storage of old classified hardware pending sanitization. Too many organizations' ISSMs, ISSOs, FSOs and leadership are completely disconnected from media sanitization and disposition decisions.
Train Employees: Ensure staff members understand the importance of proper data destruction and are trained in the correct procedures for sanitizing data. Ensure they understand the differences between types of media and the different options for media destruction under 9-12. Ensure they understand the types of media in classified IT systems and how to inspect systems and confirm all media is destroyed.
Use Reputable Vendors: Mansfield Technologies is one of a handful of companies in the country which can offer some form of NSA PM 9-12 compliant destruction services. Before you select an outside vendor for classified IT destruction services, ask lots of questions. Use NSA PM 9-12 to evaluate whether their destruction equipment and techniques are compliant.
Conduct Regular Audits: Regularly audit data destruction practices to ensure compliance with NSA and Sponsor security policies and verify that no classified information is at risk of being compromised. Organizational leadership should periodically audit the existing processes or outside vendors to ensure they are still compliant.
When in doubt, shred it out: National security organizations have 0 risk tolerance for data breaches which can result in classified data being leaked. If your team cannot recognize the difference between an NVMe M.2 SSD and a DIMM stick, find someone who can and don't risk it. Implementing NSA PM 9-12 to the letter requires a combination of IT hardware technical knowledge and knowledge of destruction methodologies.
Stay up to date: The NSA Center for Storage Device Sanitization Research does update Policy Manual 9-12 and the Evaluated Products lists on a regular basis. As new destruction equipment is evaluated and new types of media are developed, the NSA guidance can change.
Think before you connect: Before you connect a new type of hardware to a classified network, review the NSA's guidance on how to destroy it. New technologies like HAMR and MAMR drives today (JAN 2025) can only be sanitized via incineration. Devices containing lithium-ion batteries, such as iPads and battery backup units, can also be very difficult to sanitize due to the manual effort required to disassemble them safely.
Other Standards: Some government organizations can decide to "add to" or "restrict" options under NSA 9-12 for various reasons. NSA PM 9-12 is still the CFR-referenced standard, and parts of the government cannot go below this destruction standard.
Conclusion
The NSA Policy Manual 9-12 provides a comprehensive framework for the secure destruction of sensitive and classified data. By following NSA PM 9-12, organizations ensure that data is disposed of in a way that prevents unauthorized access, maintains compliance with national security standards, and upholds operational security. Whether it's through degaussing, disintegration, or incineration, these processes help protect against data breaches and safeguard critical information from falling into the wrong hands. For organizations handling sensitive data, adhering to these destruction protocols is essential for protecting both national security and the integrity of their operations. If your organization needs assistance in following NSA PM 9-12, please reach out to us at contact@mansfieldtech.us.
Written by Christopher McDevitt with assistance from AI.