
NSA Rules for Data Destruction
Is Your Classified Data Secure? The NSA's Must-Follow Rules for Data Destruction You Can't Ignore!

Classified IT Sanitization: What Changed in 2026
In today's world, data is a valuable asset, and its security is of utmost importance, particularly when it involves sensitive national security information. The National Security Agency (NSA) plays a critical role in protecting our nation’s data, and its guidelines on data destruction are integral to ensuring that national security classified information is kept secure and out of unauthorized hands.
One of the primary ways the United States Federal Government enforces data destruction standards for classified data is NSA Policy Manual 9-12, which outlines strict procedures for destroying classified and sensitive IT hardware such as hard disk drives. These guidelines are designed to prevent access to classified data even through exotic laboratory-style attacks by nation-state actors such as the Russian GRU or Chinese MSS. Let’s take a closer look at the key data destruction requirements set forth in the NSA Policy Manual 9-12.
Overview
What Is NSA/CSS Policy Manual 9-12?
NSA/CSS Policy Manual 9-12 is the National Security Agency's authoritative guidance for the routine sanitization of information system (IS) storage devices prior to disposal or recycling. It governs how every type of classified storage media — from paper documents to hard disk drives to solid-state memory — must be handled to prevent classified data recovery by any known technique.
The manual applies to all NSA/CSS elements, contractors, and personnel and covers storage devices that may contain information ranging from unclassified to Top Secret, including compartmented, sensitive, or limited-distribution material. Compliance is not optional — it is a legal and regulatory requirement for anyone operating within the NSA/CSS ecosystem.
VERSION: FEBRUARY 2026
Storage Device Sanitization Manual
The 2026 reissuance introduces expanded guidance for emerging storage technologies — most notably Heat-Assisted Magnetic Recording (HAMR) drives — and updates regulatory references to reflect current DoD and Intelligence Community standards.
VERSION: DECEMBER 2020
Storage Device Sanitization & Destruction Manual
The 2020 edition established the baseline framework for sanitization procedures across hard-copy, magnetic, optical, and solid-state media. It referenced DoD Manual 5200.01 Vol. 3 and IC Standard 500-34 (2015 edition).
Sanitize
Apply approved method for the specific device type: degauss, disintegrate, incinerate, or power removal as appropriate.
Administrative Declassification
The responsible owner performs a risk-based review per NSA/CSS Policy 6-22 and administratively downgrades remains to unclassified.
Release for Disposal
Only after both steps above are complete may the device be released for disposal or recycling — unless the IS security officer specifies otherwise.
HERITAGE ASSET REVIEW
Before destroying any IS storage device, NSA/CSS entities must contact the National Cryptologic Museum to determine whether the device carries historical value, per the Deletion of Heritage Assets Standard Operating Procedure. This requirement was formalized in the 2026 edition.
Understanding the Importance of Secure Data Destruction
The NSA's policy on data destruction is not just about cleaning up storage devices; it’s about protecting national security. Improper disposal of sensitive information can lead to devastating consequences, including the unauthorized release of classified data, which could jeopardize both national defense and intelligence efforts. Therefore, adhering to the NSA's data destruction standards is a crucial aspect of maintaining operational security (OPSEC), protecting classified data, and often meeting contractual obligations.
The guidelines in NSA Policy Manual 9-12 help ensure that all information, whether in electronic or physical form, is securely destroyed to prevent any possibility of recovery or exploitation by adversaries.
SANITIZATION REQUIREMENTS BY DEVICE TYPE
Approved Procedures for Every Storage Medium
NSA/CSS PM 9-12 prescribes specific sanitization methods for each class of IS storage device. All procedures must use equipment listed on the relevant NSA/CSS Evaluated Products List (EPL), published quarterly at nsa.gov/resources/media-destruction-guidance/. Sanitization of materials must be done in bulk when feasible, with debris mixed after the process.
Paper
Toner-Based Printers
CRT & Plasma Monitors
Magnetic Tapes
Magnetic Hard Disk Drives (HDDs)
Hybrid Drives: Laptop HDDs after 2005 and Enterprise HDDs after 2012 may be hybrid.
HAMR Hard Drives (new in 2026): Hard drives manufactured after 2020 may be HAMRs.
Optical Media (CDs, DVDs, Blu-ray)
Solid-State Devices (SSDs, USB, SD, NVMe, etc.)
MRAM (Magneto-Resistive RAM)
⚠ CRITICAL: HARD DRIVE IDENTIFICATION
Some HDDs and SSDs may appear physically identical. Always verify by manufacturer and model number before applying sanitization procedures. Applying the wrong method — particularly degaussing a solid-state or HAMR drive — will not achieve sanitization and may violate NSA/CSS policy. When in doubt, contact CSDSR at CSDSR_NSA@nsa.gov.
2026 POLICY REISSUANCE
Key Changes from 2020 to 2026
The February 2026 reissuance of NSA/CSS PM 9-12 reflects significant changes in storage technology, updated regulatory references, and refined procedural guidance. Organizations that established compliance programs under the 2020 edition must review these changes carefully.
HAMR Drive Guidance Added (NEW)
The 2026 manual introduces formal sanitization procedures for Heat-Assisted Magnetic Recording (HAMR) hard drives — a technology absent from the 2020 document. Hard drives manufactured after 2020 may be HAMRs and require special handling: incineration at temperatures greater than 670°C is currently the only approved sanitization method. HAMR drives are identifiable by an FDA laser compliance statement printed on the exterior label. EU-sold HAMR drives must bear "Class 1 consumer laser product EN 50689:2021."
Updated Hybrid Drive Date Thresholds (UPDATED)
The 2020 manual flagged laptop HDDs manufactured in 2006 and later, and Enterprise HDDs manufactured in 2013 and later, as potentially hybrid. The 2026 edition adjusts these thresholds: laptop HDDs after 2005 and Enterprise HDDs after 2012 are considered potentially hybrid, broadening the scope of devices requiring additional sanitization steps.
Expanded Solid-State Device Coverage (UPDATED)
The 2026 manual explicitly enumerates a broader range of solid-state form factors, including NVMe M.2 drives, SIM cards, CAC (Common Access Cards), micro SD cards, and others — reflecting the growing variety of flash storage in modern IT environments. It also clarifies that power removal is ineffective for NVRAM, FeRAM, RRAM, and other non-volatile RAM variants, which must follow standard solid-state disintegration or incineration procedures.
MRAM Formally Classified as Solid-State (CLARIFIED)
Magneto-Resistive RAM (MRAM) is now explicitly addressed in the 2026 manual with a dedicated section. MRAM is nonvolatile — power removal will not erase its contents. The manual formally directs personnel to treat MRAM as a solid-state device and follow disintegration or incineration procedures accordingly.
Toner-Based Printers Added as Hard-Copy Storage Device (NEW)
The 2020 manual listed hard-copy IS storage devices as paper, punched tape, and CRT/plasma monitors. The 2026 edition formally adds toner-based printers to this category, recognizing that the OPC drum and fuser unit retain partial images of classified content. Sanitization now requires either disassembly and cleaning of these components, or incineration of drum and fuser at temperatures above 670°C.
Regulatory References Updated (UPDATED)
The 2026 edition updates its foundational regulatory citations. The Intelligence Community Standard 500-34 reference shifts from the 2015 "Electronic Waste Management and Disposal" edition to the November 2023 version. DoD Manual 5200.01 Vol. 3 now incorporates Change 4 (January 17, 2025). NSA/CSS Policy 6-22 was updated to its August 2023 version, and a new reference to the Property Management Deletion of Heritage Assets Standard Operating Procedure (April 22, 2025) is added.
CRT/Plasma Monitor Particle Size Threshold Revised (UPDATED)
The 2020 manual required CRT and plasma monitor disintegration to pieces no larger than 5 centimeters on edge. The 2026 edition tightens this requirement to 50 millimeters on edge — a functionally equivalent but more precisely stated standard that aligns with the metric specifications used throughout the document.
Bulk Sanitization Emphasis Formalized (UPDATED)
The 2026 manual adds an explicit general requirement that sanitization of materials must be done in bulk when feasible, and that debris remaining after sanitization should be mixed. This principle was implied in the 2020 document for specific device types but is now a stated general policy.
Title Shortened — "Destruction" Removed (UPDATED)
The 2020 document was titled the Storage Device Sanitization and Destruction Manual. The 2026 reissuance drops "and Destruction" from the title, renaming it the Storage Device Sanitization Manual. This reflects a policy framing shift: the manual's primary scope is sanitization as a precursor to administrative declassification and release, rather than physical destruction as an end state in itself.
SIDE-BY-SIDE COMPARISON
2020 vs. 2026 at a Glance
The table below summarizes the key differences in sanitization requirements between the two editions of NSA/CSS PM 9-12.
TOPIC | 2020 EDITION | 2026 EDITION |
Manual Title | Storage Device Sanitization and Destruction Manual | Storage Device Sanitization Manual |
HAMR Drives | Not addressed | Formal section added; incineration >670°C is only approved method |
Toner-Based Printers | Not listed as a hard-copy IS storage device | Added; drum wipe + fuser incineration or full incineration >670°C |
MRAM | Not explicitly addressed | Dedicated section; treat as solid-state; power removal ineffective |
Hybrid HDD Threshold (Laptop) | Manufactured 2006 and later | Manufactured after 2005 |
Hybrid HDD Threshold (Enterprise) | Manufactured 2013 and later | Manufactured after 2012 |
CRT/Plasma Monitor Particle Size | No larger than 5 centimeters on edge | No larger than 50 mm on edge (tightened/standardized) |
Solid-State Device Types Listed | RAM, ROM, FPGA, flash memory (general) | Expanded: adds NVMe M.2, SIM, CAC, micro SD, and others |
Bulk Sanitization Requirement | Recommended for specific device types only | Formal general policy: sanitize in bulk when feasible; mix debris |
IC Standard 500-34 | September 2015 edition | November 2023 edition |
DoD Manual 5200.01 Vol. 3 | Change 2 (March 2013) | Change 4 (January 2025) |
NSA/CSS Policy 6-22 | November 2019 edition | August 2023 edition |
Heritage Asset Review | Not referenced | Required: contact National Cryptologic Museum before destruction |
CSDSR Contact Method | csdsr@nsa.gov / phone | CSDSR_NSA@nsa.gov (updated email) |
Key Data Destruction Requirements under NSA Policy Manual 9-12
1. Final Disposition of Media
The NSA mandates that any media containing classified or sensitive data must be completely and securely destroyed when it is no longer needed. This includes:
Hard disk drives
Solid-state drives
Optical discs
USB drives
Tapes
Any other forms of digital or physical media containing sensitive data
The policy requires that all media be sanitized to prevent data recovery, and this destruction process must be irreversible, ensuring that no traces of the data remain.
2. Approved Methods of Data Destruction
NSA Policy Manual 9-12 provides a set of approved methods for data destruction, which must be followed to guarantee that data is thoroughly and securely destroyed. These include:
Degaussing and Destruction: For magnetic-based information systems media such as Hard Disk Drives, Tape Drives, Floppy Drives, and Jaz Drives, running the media through a powerful magnetic degausser will wipe out the data. The NSA then requires physical destruction after degaussing as an additional security measure. Hard drive destruction devices are evaluated to ensure they can deform the disk platters into "4 or more" pieces. Hard drive shredding equipment is also approved as a destruction device. Be sure to check the field strength of your degausser and document it before destruction operations. You need to ensure your degausser is working as intended to sanitize data.
Disintegration: For flash-based media or other forms of solid-state media, organizations can disintegrate down to 2 mm dust. This includes media such as solid-state drives, printed circuit boards, USB drives, SD cards, and optical media such as DVDs. For solid-state disintegration machines, pay close attention to the equipment's "Acceptable Materials". Some destruction equipment will break trying to destroy difficult media such as enterprise solid-state drives, because they have a higher metal content (heat sinks) than other types of solid-state media.
It is important to note that CLASSIFIED HARDWARE MUST BE DESTROYED ONLY BY NSA EVALUATED PRODUCTS. The NSA maintains "Evaluated Products lists" and tests destruction equipment manufacturer claims.
Incineration: The final option is incineration at 670 degrees C. This is approved for all types of media but has significant drawbacks. First, your organization must bring the classified IT hardware to the incineration facility. These classified material movements are quite expensive, labor intensive, and present their own safety and security concerns. Second, some private sector organizations are hesitant to sign contracts directly with incineration facilities due to long-term legal liabilities under the EPA's Superfund laws. If the incineration facility goes bankrupt and the EPA declares the facility a Superfund clean-up site, the EPA has the authority to go through the books of who used that facility. The EPA will then take these organizations to court to try to secure funds to pay for environmental clean-up. We cannot provide legal counsel; if you have additional questions, consult legal experts in this field.
3. Documentation of Destruction
NSA Policy Manual 9-12 stresses the importance of maintaining detailed records of data destruction activities and directs organizations to review NSA PM 6-22's "Administrative Declassification" section on documentation requirements. This documentation serves several purposes:
It provides an audit trail for compliance verification.
It helps ensure accountability, showing that destruction was carried out properly and securely.
It serves as evidence in case of audits or investigations.
The required documentation should include:
The type, manufacturer, and model number of media destroyed.
The serial numbers of media destroyed.
The method used for destruction (e.g. destruction, degaussing, disintegration, or incineration).
The date and time of destruction.
The classification of the hardware being destroyed.
The reason for the destruction and release of the media.
The personnel responsible for carrying out the destruction.
A government representative or information systems security office supervising the destruction activities.
Proper documentation is essential for both internal record-keeping and demonstrating compliance during audits or inspections.
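As an added illustration (not from NSA/CSS PM 9-12 or from the original article), the Python code below audits a destruction log for the record fields listed above and for a method that this article does not list for the media type, such as degaussing a solid-state drive. The key names, media and method labels, and sample records are assumptions constructed for the example.

```python
# Added example: audit a media destruction log. The rules restate this article's
# summary of PM 9-12, not the manual itself; key names and labels are assumptions.
from datetime import datetime

# Record fields the article lists (type/manufacturer/model, serial, method, ...).
REQUIRED_FIELDS = ("media_type", "manufacturer", "model", "serial", "method",
                   "destroyed_at", "classification", "reason", "operator", "witness")

# Methods the article describes for each media class.
APPROVED = {
    "hdd":     {"degauss+destroy", "incinerate"},
    "tape":    {"degauss+destroy", "incinerate"},
    "hamr":    {"incinerate"},                  # only approved method per the article
    "ssd":     {"disintegrate", "incinerate"},
    "mram":    {"disintegrate", "incinerate"},  # treated as solid-state
    "optical": {"disintegrate", "incinerate"},
}

# An HDD made after these years may be hybrid; after 2020 it may be HAMR.
HYBRID_AFTER = {"laptop": 2005, "enterprise": 2012}
HAMR_AFTER = 2020

def audit_record(rec):
    """Return a list of findings for one record; an empty list means clean."""
    findings = []
    missing = [f for f in REQUIRED_FIELDS if not str(rec.get(f, "")).strip()]
    if missing:
        findings.append("missing fields: " + ", ".join(missing))

    media, method = rec.get("media_type"), rec.get("method")
    if media not in APPROVED:
        findings.append(f"unknown media type {media!r}: verify manufacturer and model")
    elif method not in APPROVED[media]:
        findings.append(f"method {method!r} is not listed for {media}")

    # A drive logged as a plain HDD and not incinerated may have been misidentified.
    year = rec.get("mfg_year")
    if media == "hdd" and method != "incinerate" and year:
        threshold = HYBRID_AFTER.get(rec.get("form_factor"))
        if threshold is not None and year > threshold:
            findings.append("possible hybrid drive: confirm model number")
        if year > HAMR_AFTER:
            findings.append("possible HAMR drive: check label for laser statement")

    try:
        datetime.fromisoformat(str(rec.get("destroyed_at", "")))
    except ValueError:
        if "destroyed_at" not in missing:
            findings.append("destroyed_at is not an ISO 8601 timestamp")
    return findings

def audit_log(log):
    """Map serial number -> findings for every record that has at least one."""
    return {r.get("serial") or "<no serial>": f for r in log if (f := audit_record(r))}

# Constructed sample records (not real inventory).
_BASE = {"manufacturer": "ExampleCo", "model": "X1", "classification": "EXAMPLE",
         "reason": "end of life", "operator": "J. Doe", "witness": "R. Roe",
         "destroyed_at": "2026-03-02T14:30:00"}
SAMPLE_LOG = [
    {**_BASE, "serial": "SN-0001", "media_type": "hdd", "method": "degauss+destroy",
     "form_factor": "laptop", "mfg_year": 2004},
    {**_BASE, "serial": "SN-0002", "media_type": "ssd", "method": "degauss+destroy"},
    {**_BASE, "serial": "SN-0003", "media_type": "hdd", "method": "degauss+destroy",
     "form_factor": "enterprise", "mfg_year": 2023, "witness": ""},
]
```

Calling audit_log(SAMPLE_LOG) returns findings only for the two records that need follow-up, keyed by serial number.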
4. Destruction of Backup and Redundant Copies
In addition to the primary copies of classified or sensitive data, backup copies and redundant storage devices must also be destroyed. Often, sensitive data is backed up to ensure redundancy and continuity of operations. These backups, regardless of their format, must be destroyed using the same methods and standards as the original data to prevent any risk of information leakage.
5. Third-Party Contractors and Data Destruction
The NSA recognizes that organizations may use third-party contractors to perform data destruction. In such cases, the NSA requires that these contractors comply fully with PM 9-12's standards. However, the NSA DOES NOT EVALUATE DESTRUCTION CONTRACTORS. They only evaluate destruction equipment manufacturers' machines. Every organization seeking to outsource its classified destruction to third-party vendors should explicitly outline the data destruction standards required.
Organizations must verify that any contractor they work with for classified destruction is fully compliant with NSA standards before entrusting them with data destruction responsibilities. If the contractor personnel are not cleared or read-on to the classified program, they need to be supervised by 2 cleared personnel until all classified media is sanitized.
6. Security of Data During Destruction
NSA Policy Manual 9-12 and 6-22 also mandate that appropriate security measures be taken while data is being destroyed. This includes ensuring that data is securely transported to destruction facilities, protecting data from unauthorized access during the process, and preventing leaks or breaches during the destruction phase.
We offer mobile destruction trucks and typically work with customers to set up a Temporary Secure Working Area (TSWA) to maintain control and accountability of classified materials. This usually involves guards, visual barriers, and customer support personnel.
7. Destruction of Physical Records
In addition to digital media, the NSA’s policy extends to physical records, including paper documents, that contain classified or sensitive information. These documents must be shredded or otherwise destroyed using evaluated destruction equipment. Simply discarding or recycling documents is not enough. Proper handling and disposal of physical records are just as crucial as digital data destruction.
Why Compliance with NSA Policy Manual 9-12 is Crucial
Adherence to the NSA's data destruction requirements is critical for national security. Improper destruction of sensitive or classified data could expose the U.S. government, military, or intelligence agencies to risks such as espionage, data breaches, or adversarial exploitation. It’s not just about protecting physical or digital assets—it’s about safeguarding the very systems that ensure the security of our nation.
Organizations that handle classified information, whether governmental or contracted, must remain diligent in their efforts to meet these destruction standards. This is not just a matter of policy—it’s a matter of national security.
Best Practices for Ensuring Compliance with the NSA Policy Manual 9-12
While NSA PM 9-12 offers clear guidelines for data destruction, successful implementation requires more than just following technical steps. Organizations should also:
Review Media Sanitization Obligations During RFP: Too many private sector companies have been caught off guard by classified media sanitization requirements and didn't account for this cost. Then, years into a contract, they realize they need to spend significant sums of money destroying classified hardware. Don't be scared of NSA PM 9-12; just plan for it and factor it into your bid.
Develop a Media Sanitization Plan: Speaking of planning, create and enforce a clear Media Sanitization Plan that outlines the procedures for sanitizing and disposing of data across all departments. This includes the secure storage of old classified hardware pending sanitization. Too many organizations' ISSMs, ISSOs, FSOs and leadership are completely disconnected from media sanitization and disposition decisions.
Train Employees: Ensure staff members understand the importance of proper data destruction and are trained in the correct procedures for sanitizing data. Ensure they understand the differences between types of media and the different options for media destruction under 9-12. Ensure they understand the types of media in classified IT systems and how to inspect systems and confirm all media is destroyed.
Use Reputable Vendors: Mansfield Technologies is one of a handful of companies in the country which can offer some form of NSA PM 9-12 compliant destruction services. Before you select an outside vendor for classified IT destruction services, ask lots of questions. Use NSA PM 9-12 to evaluate whether their destruction equipment and techniques are compliant.
Conduct Regular Audits: Regularly audit data destruction practices to ensure compliance with NSA and Sponsor security policies and verify that no classified information is at risk of being compromised. Organizational leadership should periodically audit the existing processes or outside vendors to ensure they are still compliant.
When in doubt, shred it out: National security organizations have zero risk tolerance for data breaches which can result in classified data being leaked. If your team cannot recognize the difference between an NVMe M.2 SSD and a DIMM stick, find someone who can and don't risk it. Implementing NSA PM 9-12 by the letter requires a combination of IT hardware technical knowledge and knowledge of destruction methodologies.
Stay up to date: The NSA Center for Storage Device Sanitization Research does update Policy Manual 9-12 and the Evaluated Products lists on a regular basis. As new destruction equipment is evaluated and new types of media are developed, the NSA guidance can change.
Think before you connect: Before you connect a new type of hardware to a classified network, review the NSA's guidance on how to destroy it. New technologies like HAMR and MAMR drives today (JAN 2025) can only be sanitized via incineration. Devices that contain lithium-ion batteries, such as iPads and Battery Backup Units, can also be very difficult to sanitize due to the manual effort required to disassemble them safely.
Other Standards: Some government organizations can decide to "add to" or "restrict" options under NSA 9-12 for various reasons. NSA PM 9-12 is still the CFR-referenced standard, and parts of the government cannot go below this destruction standard.
Conclusion
The NSA Policy Manual 9-12 provides a comprehensive framework for the secure destruction of sensitive and classified data. By following NSA PM 9-12, organizations ensure that data is disposed of in a way that prevents unauthorized access, maintains compliance with national security standards, and upholds operational security. Whether it's through degaussing, disintegration, or incineration, these processes help protect against data breaches and safeguard critical information from falling into the wrong hands. For organizations handling sensitive data, adhering to these destruction protocols is essential for protecting both national security and the integrity of their operations. If your organization needs assistance in following NSA PM 9-12, please reach out to us at contact@mansfieldtech.us.
Written by Christopher McDevitt with assistance from AI.