NSA/CSSSTORAGEDEVICEDECLASSIFICATIONMANUAL (ThisManual912supersedesNSA/CSSManual1302,dated10November2000.) PROCEDURES 1.Guidanceforthesanitization,declassification,andreleaseofISstoragedevicesnot coveredbythisdocumentmaybeobtainedbysubmittingallpertinentinformationtoNSA/CSS (Attn:LL43MediaTechnologyCenter,3016881053). MAGNETICSTORAGEDEVICES 2.MagneticTapes a.Sanitization:Sanitizemagnetictapesinaccordancewitheitherofthefollowing procedures.Removealllabelsormarkingsthatindicateprevioususeorclassification. 1)Degaussing:DegaussusinganNSA/CSSevaluateddegausserper Referencea. 2)Incineration:Incineratemagnetictapeinalicensedincineratorin accordancewiththeproceduresestablishedforthecontrolleddestructionof classifiedorsensitivematerials.

b.Declassification:Declassifymagnetictapesonlyafterapprovedverification andreviewproceduresarecompletedperReferenceb. c.Release:UnlessotherwisespecifiedbytheappropriateISSecurityOfficer(or equivalent),declassifiedmagnetictapesmaybereleasedfordisposalorrecyclingonly aftersanitizationproceduresandadeclassificationreviewhavebeencompleted. 3.MagneticDisks:Magneticdisksincludeharddiskdrivesanddiskettes. a.HardDiskDrives 1)Sanitization:Sanitizeharddiskdrivesusingoneofthefollowing procedures.Removealllabelsormarkingsthatindicateprevioususeor classification. a)SanitizationwithAutomaticDegausser:(1)Removethehard diskdrivefromthechassisorcabinet(2)removeanysteelshielding materialsormountingbracketswhichmayinterferewithmagneticfields (3)placetheharddiskdriveinanNSA/CSSevaluateddegausserper

Referenceaanderase.Althoughnotrequired,itishighlyrecommended that theharddiskdrivebephysicallydamagedpriortorelease. NOTE ERASUREOFHARDDISKDRIVESCAUSESPERMANENT DAMAGETHATPROHIBITSTHEIRCONTINUEDUSE. b)SanitizationwithDegaussingWand:Sanitizeharddiskdrives bydisassemblingthedeviceanderasingallsurfacesoftheenclosed platterswithanNSA/CSSevaluatedhandhelddegaussingwandper Referencea.Althoughnotrequired,itishighlyrecommendedthatthe harddiskdrivebephysicallydamagedpriortorelease. NOTE ERASUREOFHARDDISKDRIVESCAUSESPERMANENT DAMAGETHATPROHIBITSTHEIRCONTINUEDUSE. c)SanitizationbyIncineration:Incinerateharddiskdrivesina licensedincineratorinaccordancewiththeproceduresestablishedforthe controlleddestructionofclassifiedorsensitivematerials. 2)Declassification:Declassifyharddiskdrivesonlyafterapproved verificationandreviewproceduresarecompletedperReferenceb. 3)Release:UnlessotherwisespecifiedbytheappropriateISSecurity Officer(orequivalent),declassifiedharddiskdrivesmaybereleasedfordisposal orrecyclingonlyaftersanitizationproceduresandadeclassificationreviewhave beencompleted. b.Diskettes 1)Sanitization:Sanitizediskettesbydegaussing,shredding,or incineration.Removealllabelsormarkingsthatindicateprevioususeor classification. a)SanitizationbyDegaussing:Degaussthediskettesinan NSA/CSSevaluateddegausserperReferencea. b)SanitizationbyShredding:ShreddiskettesusinganNSA/CSS evaluatedhighsecuritycrosscutpapershredder,perReferencee.Remove diskettecoverandmetalhubpriortoshredding. c)SanitizationbyDisintegration:Disintegratediskettesusingan NSA/CSSevaluatedhighsecuritydisintegratorperReferenced.

d)SanitizationbyIncineration:Incineratediskettesinalicensed incineratorinaccordancewiththeproceduresestablishedforthe controlleddestructionofclassifiedorsensitivematerials. 2)Declassification:Declassifydiskettesonlyafterapprovedverification andreviewproceduresarecompletedperReferenceb. 3)Release:UnlessotherwisespecifiedbytheappropriateISSecurity Officer(orequivalent),declassifieddiskettesmaybereleasedfordisposalor recyclingonlyaftersanitizationproceduresandadeclassificationreviewhave beencompleted. OPTICALSTORAGEDEVICES 4.OpticalstoragedevicesincludeCompactDisks(CD)andDigitalVersatileDisks (DVD) a.Sanitization:Sanitizeopticalstoragedevicesusingoneofthefollowing procedures.Removealllabelsormarkingsthatindicateprevioususeorclassification. 1)SanitizationbyGrinding:UseanNSA/CSSevaluatedopticalstorage devicegrinder,perReferencec,toremovetheinformationbearinglayersofonly CDstoragedevices.DVDscannotbesanitizedbythismethodsincethe informationbearinglayersaresandwichedinthecenter. 2)SanitizationbyShredderorDisintegrator:UseanNSA/CSSevaluated opticalstoragedeviceshredderperReferencec,ordisintegratorperReferenced, toreduceCDandDVDstoragedevicesintoparticlesthathavenominaledge dimensionsof5millimetersorlessandsurfaceareaof25squaremillimetersor less. 3)SanitizationbyEmbossing/Knurling:UseanNSA/CSSevaluated opticalstoragedeviceembosser/knurler,perReferencec,forCDandDVD storagedevices. 4)SanitizationbyIncineration:Incinerateopticalstoragedevicesina licensedincineratorinaccordancewiththeproceduresestablishedforthe controlleddestructionofclassifiedorsensitivematerials.Materialmustbe reducedtowhiteash. b.Declassification:Declassifyopticalstoragedevicesonlyafterapproved verificationandreviewproceduresarecompletedperReferenceb.

c.Release:UnlessotherwisespecifiedbytheappropriateISSecurityOfficer(or equivalent),declassifiedopticalstoragedevicesmaybereleasedfordisposalorrecycling onlyaftersanitizationproceduresandadeclassificationreviewhavebeencompleted. SOLIDSTATESTORAGEDEVICES 5.SolidStateStorageDevicesincludeRandomAccessMemory(RAM),ReadOnly Memory(ROM),FieldProgrammableGateArray(FPGA),SmartCards,andFlash Memory. a.Sanitization:Sanitizesolidstatedeviceswiththefollowingproceduresor sanitizebysmeltinginalicensedfurnaceat1,600degreesCelsiusorhigheror disintegrateintoparticlesthatarenominally2millimeteredgelengthinsizeusingan NSA/CSSevaluateddisintegratorperReferenced.Removealllabelsormarkingsthat indicateprevioususeorclassification. 1)DRAMandSRAM:SanitizeDRAMandSRAMbyremovingthe power.Oncepowerisremoved,sanitizationisinstantaneous.Or,sanitize functioningDRAMandSRAMbyoverwritingalllocationswithaknown unclassifiedpattern.Verifytheoverwriteprocedurebyrandomlyrereadingthe overwritteninformationtoconfirmthatonlytheknownpatterncanberecovered. 2)FerroelectricRandomAccessMemory(FRAM)andMagnetic RandomAccessMemory(MRAM)(NonVolatile):SanitizefunctioningFRAM andMRAMbyoverwritingalllocationswithaknownunclassifiedpattern. Verifytheoverwriteprocedurebyrandomlyrereadingtheoverwritten informationtoconfirmthatonlytheknownpatterncanberecovered. 3)EPROMandUVEPROM:SanitizeEPROMandUVEPROMby performinganultravioleteraseaccordingtothemanufacturer'srecommendations, butincreasethetimerequirementbyafactorofthree.Next,overwriteallbit locationswithaknownunclassifiedpattern. 4)EEPROM:SanitizeEEPROMbyoverwritingalllocationswitha knownunclassifiedpattern.Verifytheoverwriteprocedurebyrandomlyre readingtheoverwritteninformationtoconfirmthatonlytheknownpatterncanbe recovered. 5)PROM:Sanitizeonlybysmelting. 6)FPGA(NonVolatile):SanitizeFPGAbyoverwritingalllocationswith aknownunclassifiedpattern.Verifytheoverwriteprocedurebyrandomlyre readingtheoverwritteninformationtoconfirmthatonlytheknownpatterncanbe recovered.

7)FPGA(Volatile):SanitizeFPGAbyremovingthepower.Oncepower isremoved,sanitizationisinstantaneous. 8)SmartCards:SanitizeSmartCardsbyshreddingwithastripshredder orwithscissors. a)SanitizationwithaStripShredder:Astripshredderwitha maximumwidthof2millimeterswilldestroythemicrochip,barcode, magneticstripandwritteninformationontheSmartCard.SmartCards mustbeinserteddiagonallyintothestripshredderata45degreeanglefor propersanitization. NOTE:ACROSSCUTSHREDDERWILLNOTSANITIZESMART CARDS. b)SanitizationwithScissors:CuttheSmartCardintostrips diagonallyata45degreeangle,insuringthatthemicrochipiscutthrough thecenter.Insurethatthebarcode,magneticstrip,andwritteninformation arecutintoseveralpiecesandthewritteninformationisunreadable. 9)FlashMemory:SanitizeEEPROMbyoverwritingalllocationswitha knownunclassifiedpattern.Verifytheoverwriteprocedurebyrandomlyre readingtheoverwritteninformationtoconfirmthatonlytheknownpatterncanbe recovered. b.Declassification:Declassifysolidstatestoragedevicesonlyafter approvedverificationandreviewproceduresarecompletedperReferenceb. c.Release:UnlessotherwisespecifiedbytheappropriateISSecurityOfficer(or equivalent),declassifiedsolidstatestoragedevicesmaybereleasedfordisposalor recyclingonlyaftersanitizationproceduresandadeclassificationreviewhavebeen completed. HARDCOPYSTORAGEDEVICES 6.HardCopyStorageDevicesincludepaper,microforms,andmonitorswith burnin. a.Sanitization:Sanitizehardcopystoragedeviceswiththefollowingprocedures. 1)Sanitizepaperbyburning,chopping,crosscutshreddingusingan NSA/CSSevaluatedcrosscutshredder,perReferencee,pulverizing,orwet pulping.Whenburned,materialresiduemustbereducedtowhiteash.When chopping,shredding,pulverizing,orwetpulping,materialresiduemustbe reducedtopieces5millimeterssquareorsmaller.

2)Sanitizemicroforms(microfilm,microfiche,orotherreducedimage photonegatives)byburningorbychemicalmeans,suchasimmersionin householdbleach(i.e.,sodiumhypochlorite)forfilmmastersandacetoneor methylenechloridefordiazoreproductions.Whenburned,materialresiduemust bereducedtowhiteash. 3)Sanitizemonitorsexhibitingburninbydestroyingthesurfaceofthe monitorintopiecesnolargerthan5centimeterssquare. b.Declassification:Declassifyhardcopystoragedevicesonlyafterapproved verificationandreviewproceduresarecompletedperReferenceb. c.Release:UnlessotherwisespecifiedbytheappropriateISSecurityOfficer(or equivalent),declassifiedhardcopystoragedevicesmaybereleasedfordisposalor recyclingonlyaftersanitizationproceduresandadeclassificationreviewhavebeen completed. RESPONSIBILITIES 7.LogisticsServicesMediaTechnologyCentershallprovidetechnicalguidanceforthe sanitization,declassification,andreleaseofISstoragedevices. 8.NSA/CSSandallelementsusingthismanualshall: a.Protectclassifiedorsensitiveinformation,andmakefinal decisionsto declassifyorreleaseISstoragedevicesorrefertotheirISsecurityofficerforguidance b.Establishandmaintainacompilationofguidanceandproceduresforthe sanitization,declassification,andreleaseofclassifiedorsensitiveinformationonIS storagedevicesand c.ComplywiththeDirectorofCentralIntelligenceDirective(DCID)6/3, ProtectingSensitiveCompartmentInformationWithinInformationSystemsManual, dated11December2003(Referencef). REFERENCES 9.References: a. NSA/CSSDegausserEvaluatedProductsList. b. NSA/CSSManual1301,AnnexD,Declassification&Releaseof NSA/CSS InformationStorageMedia. c.NSA/CSSSpecification0402,OpticalMediaDestructionDevices,andEPL 0402EvaluatedProductsList.

d.NSA/CSSSpecification0202,HighSecurityDisintegrators,andEPL0202 EvaluatedProductsList. e.NSA/CSSSpecification0201,HighSecurityCrosscutPaperShredders. f.DirectorofCentralIntelligenceDirective(DCID)6/3,ProtectingSensitive CompartmentInformationWithinInformationSystemsManual. DEFINITIONS 10. BurnIn Atendencyforanimagethatisshownonadisplayoveralongperiodoftimeto becomepermanentlyfixedonthedisplay.Thisismostoftenseeninemissivedisplayssuchas CathodeRayTube(CRT)andPlasma,becausechemicalchangescanoccurinthephosphors whenexposedrepeatedlytothesameelectricalsignals. 11. CoerciveForceAnegativeorreversemagneticforceappliedforthepurposeofreducing magneticfluxdensity. 12. Declassification Anadministrativedecision/action,basedonaconsiderationofriskbythe owner,wherebytheclassificationofaproperlysanitizedstoragedeviceisdowngradedto UNCLASSIFIED. 13. DegausserAnelectricaldeviceorpermanentmagnetassemblywhichgeneratesacoercive magneticforceforthepurposeofdegaussingmagneticstoragedevicesorothermagnetic material. 14. Degaussing(orDemagnetizing)Processforreducingthemagnetizationofamagnetic storagedevicetozerobyapplyingareverse(coercive)magnetizingforce,renderingany previouslystoreddataunreadableandunintelligible,andensuringthatitcannotberecoveredby anytechnologyknowntoexist. 15. InformationSystem(IS)StorageDevicesThephysicalstoragedevicesusedbyanISupon whichdataisrecorded. 16. RecyclingEndstateforISstoragedevicesprocessedinsuchawayastomakethemready forreuse,adaptthemtoanewuse,ortoreclaimconstituentmaterialsofvalue. 17. Sanitization Theremovalofinformationfromthestoragedevicesuchthatdatarecovery usinganyknowntechniqueoranalysisisprevented.Sanitizationincludestheremovalofdata fromthestoragedevice,aswellastheremovalofalllabels,markings,andactivitylogs.The methodofsanitizationvariesdependinguponthestoragedeviceinquestion,andmayinclude degaussing,incineration,shredding,grinding,embossing,chemicalimmersion,etc.