Frequently Asked Questions
Have a question? We love curious customers and want to make sure your data is secured! Take a look below at some frequently asked questions, and if you have more, feel free to email us at contact@mansfieldtech.us.
WHY IS HARD DRIVE DESTRUCTION IMPORTANT?
Hard Drive destruction (including other forms of media such as solid state drives) is critical for protecting sensitive information from being accessed. Deleting files or formatting the drive does not completely remove the data. Other methods such as NIST 800-88 Purging are often difficult to scale and prone to human error. Physical destruction provides you the highest level of certainty that data is irrecoverable and protects against data breaches and identity theft.
HOW MUCH DOES DATA DESTRUCTION COST?
While rates differ by location, destruction standard required, number of drives you have, and urgency of required services, most customers pay between $5 and $20 per drive. The more hard drives you have to destroy, the lower the cost per drive.
Please email us at contact@mansfieldtech.us for a detailed cost estimate.
WHICH DESTRUCTION STANDARD IS RIGHT FOR YOU?
NIST 800-88 and 800-53 outline recommendations and security controls based upon the sensitivity of data, but your organization is responsible for evaluating and choosing appropriate security controls.
For classified data, Combined Federal Regulations require all organizations regardless of agency, military branch, and contract vehicle to follow NSA guidance.
If you want to deep dive a specific regulation, please review our "Data Destruction Standards" page.
WHAT ABOUT CRYPTOGRAPHIC TECHNIQUES? (ENCRYPTION)
Cryptographic Erasure is the digital equivalent of throwing your data in a safe and destroying the key to open that safe. The data isn't actually destroyed, just encrypted. The gold standard for encryption today is the Advanced Encryption Standard (AES), and most organizations use either 128-bit or 256-bit keys to protect their data. AES has been a fantastic standard and was selected in 2001 by the U.S. National Security Agency to protect classified data. However, quantum computers are no longer far-off science fiction.
Both NIST and the NSA are concerned about whether AES will hold up against quantum attacks. While AES-256 is currently considered quantum "resistant" by the NSA, nobody knows for certain. In 2022 the White House directed the heads of all executive departments and agencies to prepare for post-quantum encryption.
In December of 2024 the Australian Signals Directorate set a goal to sunset many of today's commonly used encryption standards by 2030: "The development and procurement of new cryptographic equipment and software ensures support for the use of ML-DSA-87, ML-KEM-1024, SHA-384, SHA-512 and AES-256 by no later than 2030."
It is very possible all encryption available today could be easily broken by 2030. This is why Mansfield Tech recommends even private companies holding PII, PHI, and other sensitive customer information destroy their data and not rely upon encryption alone.
WHAT ABOUT OVERWRITING? (DoD 5220.22)
Overwriting hard disk drives with patterns of ones and zeros was a common method of data sanitization. In 1995 the Department of Defense published 5220.22-M, which specified a "3 pass" method of sanitization. Then in 2001, due to rising security concerns, this manual was updated to a 7-pass method. Eventually, in 2011, the DoD stopped allowing overwriting as a way to sanitize its sensitive data at the end of its useful life. In 2021, the NISP Operating Manual became effective as a federal regulation. This is commonly referred to as the "NISPOM rule", and it no longer even refers to overwriting as a sanitization method.
You occasionally still see companies claiming to follow this standard or to be DoD 5220.22 "compliant". This is a dead giveaway of an organization which has failed to keep up with modern sanitization standards.
Why was overwriting abandoned? Primarily due to new storage technologies being developed and the time needed to implement 3 or 7 pass overwrite methods. Flash-based media contain spare cells and perform wear leveling; this makes it infeasible for a user to sanitize all previous data using overwriting. Additionally, data storage capacity (the number of read/write sectors) has grown exponentially. In 2002 a high-end new hard drive was ~100GB; today 10TB hard drives are available. The time required to overwrite a 10TB hard drive makes the process impractical.
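The spare-cell and wear-leveling point can be seen in a small simulation. This is an added example, not part of the original FAQ: `ToyFlash` is a constructed toy model of a flash translation layer (not any vendor's firmware), and the record contents are made-up sample data.

```python
# Toy flash translation layer (FTL). Constructed model for illustration only;
# real controllers differ in policy, but the remapping principle is the same.
ZERO = b"\x00" * 8

class ToyFlash:
    def __init__(self, logical_blocks, spare_pages):
        self.logical_blocks = logical_blocks
        # Physical pages = host-visible capacity + over-provisioned spare cells.
        self.pages = [None] * (logical_blocks + spare_pages)   # None = erased
        self.erase_counts = [0] * len(self.pages)
        self.mapping = {}                                      # LBA -> physical page

    def _stale_pages(self):
        live = set(self.mapping.values())
        return [i for i, d in enumerate(self.pages) if d is not None and i not in live]

    def _allocate(self):
        erased = [i for i, d in enumerate(self.pages) if d is None]
        if not erased:
            # Garbage-collect one stale page, least-worn first (wear leveling).
            victim = min(self._stale_pages(), key=lambda i: self.erase_counts[i])
            self.pages[victim] = None
            self.erase_counts[victim] += 1
            erased = [victim]
        return min(erased, key=lambda i: self.erase_counts[i])

    def write(self, lba, data):
        # Flash is not rewritten in place: new data goes to a fresh page and the
        # old page is only marked stale; its contents stay until it is erased.
        self.mapping[lba] = self._allocate()
        self.pages[self.mapping[lba]] = data

    def read(self, lba):
        return self.pages[self.mapping[lba]]

    def residual(self):
        # What a chip-level read would still find outside the host's view.
        return sorted(self.pages[i] for i in self._stale_pages() if self.pages[i] != ZERO)

def demo(spare_pages=2):
    dev = ToyFlash(logical_blocks=4, spare_pages=spare_pages)
    for lba in range(4):
        dev.write(lba, b"record-%d" % lba)      # constructed sample data
    for lba in range(4):
        dev.write(lba, ZERO)                    # one full overwrite pass by the host
    host_view = [dev.read(lba) for lba in range(4)]
    return host_view, dev.residual()
```

The host reads back zeros from every logical block even though old records remain in stale pages; which stale pages get recycled, and when, is decided by the controller, not by the host.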
DoD 5220.22 was a government-focused standard which many private sector companies latched onto during the 2000s. NIST 800-88 was developed to provide a larger scope of media sanitization guidelines for commercial organizations. NIST does still list overwriting as a method of sanitization, but the number of passes has been dropped. NIST 800-88 allows for other techniques such as encryption, factory resets, and block erasure to be viewed as sanitization. However, 800-88 is full of caveats and references to different security levels. Not every sanitization technique (including overwriting) is viewed as appropriate for every commercial security level. NIST puts the responsibility upon organizations to select appropriate sanitization methods.