NSA Compliant Hard Drive Destruction

NSA/CSS Specification 9-12, also known as the Storage Device Sanitization and Destruction Manual, is the official standard for secure destruction of digital media containing classified or sensitive government information.

The purpose of this specification is to prevent any possibility of data recovery from destroyed storage devices. It applies to multiple media types, including the following.

• Hard disk drives (HDDs)
• Solid-state drives (SSDs)
• Flash drives and USB devices
• M.2 and NVMe modules

For solid-state and flash-based media, the NSA requires that all material be reduced to 2mm particles or smaller to ensure complete data destruction.

All destruction devices used for NSA-compliant operations, such as shredders, disintegrators, and degaussers, must be approved and listed by the NSA. These devices appear on the NSA/CSS Evaluated Products List (EPL) and are tested to verify that they meet government destruction requirements. Each storage type requires a specific approach.

• Magnetic Drives (HDDs) – Must be degaussed to erase data and then physically destroyed by crushing or shredding.
• Solid-State Media (SSDs, flash drives) – Must be disintegrated to a particle size of 2mm or smaller, since degaussing is ineffective on solid-state devices.

Our team uses only NSA-approved equipment for classified destruction projects, ensuring that every device is handled according to the correct destruction protocol.

To comply with NSA standards, every destruction event must be witnessed by at least two authorized personnel. This ensures accountability and verification that materials are destroyed in accordance with national security requirements. Detailed records must be kept throughout the process.

• The date and time of destruction
• Equipment type and destruction method
• Device serial numbers or asset tags
• Personnel and witness names

Upon completion, Marrs Recycling issues a Certificate of Destruction confirming all details of the process. This certificate serves as official proof for compliance audits and government recordkeeping.

The destruction method depends on the type of storage media.

• Hard Drives (Magnetic Media) – Must first be degaussed, which erases magnetic data, followed by physical destruction through shredding, crushing, or deforming the platters. The NSA does not require a specific shred size for hard drives as long as the platters are permanently damaged.
• Solid-State and Flash Media – Must be disintegrated into particles no larger than 2mm to ensure that stored data cannot be recovered from microchips.

We strictly adhere to these particle size and destruction standards, guaranteeing complete compliance with NSA/CSS Specification 9-12.

Organizations handling classified information must maintain documentation of all destruction processes and ensure their vendors use NSA-approved equipment. If in-house systems are not on the NSA/CSS Evaluated Products List, a certified destruction vendor must be used. The audit documentations are listed below.

• Equipment make, model, and serial number
• Verification reports and destruction logs
• Certificates of Destruction with witness signatures

We provide complete documentation and audit support to help clients remain compliant during Defense Counterintelligence and Security Agency (DCSA) inspections and federal security audits.

The NSA publishes several key documents to guide contractors and agencies in meeting the requirements for destroying classified data, including the following.

• NSA/CSS Storage Device Sanitization Manual 9-12 – Outlines detailed destruction methods and equipment specifications.
• NSA/CSS Policy 6-22 – Handling of NSA/CSS Information Storage Media – Defines responsibilities for securely managing and disposing of NSA-controlled information.

These publications collectively establish the foundation for the secure destruction of digital media within federal and defense environments.

Marrs Recycling offers comprehensive NSA-compliant data destruction services for defense contractors, government agencies, and other organizations handling classified or sensitive materials. Our processes, personnel, and equipment meet all federal requirements for security and accountability.

Whether you need on-site witnessed destruction, serialized reporting, or comprehensive audit documentation, our team delivers verified, secure, and fully compliant digital media destruction solutions designed to protect national security information and maintain regulatory compliance.