The NSA EPL: The Policy that Protects Your Data

Written by

In today’s world, the amount of personal data accessible in your hands continues to grow by the day. Unfortunately, as our data grows, so do our security concerns about how our data is accessed and how it should properly be destroyed. Luckily, there is a guideline that continues to update the products that are proven to destroy data to the point of no return: The Evaluated Product List (EPL) by the National Security Agency/Central Security Service.

What is the NSA EPL?

The NSA EPL is a series of lists that breaks down what devices have been tested and approved by the NSA to meet the necessary physical destruction requirements for all types of data-bearing media. Some of these final particle sizes for top-secret data are a 1mm x 5mm final particle size for paper and a 2mm particle size for DVDs and Blu-ray Discs. There are seven lists total and a guide covering various devices used to destroy different media that can hold and store sensitive data. The lists are as follows:

Why is the NSA EPL Important?

On January 23 1968, the USS Pueblo was in international waters aiding South Korea and gathering and intercepting codes and messages from the North Koreans when the ship became under siege. Crew members attempted to destroy the cryptologic materials that were used to decode secret messages, with one man being killed and three wounded. The North Koreans ended up seizing the ship and its crew, keeping the 82 surviving crew members captive for 11 months. The event represented the most significant single loss of sensitive data in US history. It was this very event that inspired the creation of the very first SEM disintegrator, as SEM founder Leonard Rosen sought to find a solution for the navy to destroy data in case this ever happened again.

On February 1 2003, the Columbia space shuttle tragically disintegrated upon reentering the Earth’s atmosphere after 17 days in space. As the shuttle pieces burst into flame and hurled towards Earth at high speeds, a hard drive containing the exhibition’s data landed in a river bed in Texas. This hard drive stayed in the riverbed for over six months through all forms of weather until it was discovered and sent to Ontrack to attempt to recover the data.

After a team of engineers got to work, they were able to reconstruct the rotational drive and recover over 99% of the data on the drive. A drive that fell from outer space, on fire, into a riverbed for over six months was able to have its data recovered.

"A drive that fell from outer space, on fire, into a riverbed for over six months was able to have its data recovered"

What do these stories have to do with the NSA EPL? Without a set of standards, what people would consider destroyed, or how people would think data is protected, would be very different from what is needed to ensure complete physical destruction. By having these standards and a push for devices that can meet these standards, data that needs to be protected to keep people safe worldwide can be appropriately disposed of. This ranges from your own  personally identifiable information (PII) to our nation’s and military’s most significant secrets that protect millions of lives.

That means whether it’s designing destruction machines that fit specific dimensions of naval ships or building a shredder that can destroy hard drives better than falling through the atmosphere, the NSA EPL has the specifications that ensure all data has a proper end-of-life solution.

At SEM, we take pride in being the global leader in high-security end-of-life solutions. As such, we are constantly ensuring that our machines meet the latest standards provided by the NSA and using our expertise to educate the community to keep the data of both the government and US citizens safe.

Brought to you by

What’s hot on Infosecurity Magazine?