Use NSA-evaluated Degaussers for Media Destruction
When destroying media, use degaussers approved by the NSA to ensure effectiveness.
Plain language
To keep your data and privacy safe when getting rid of old hard drives or tapes, it's crucial to use special tools called degaussers. These devices erase data thoroughly, and to be sure they work effectively, only use those approved by the United States' National Security Agency (NSA). If you don't, sensitive information could fall into the wrong hands, leading to data breaches and loss of trust.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Feb 2022
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Official control statement
Evaluated diodes are used for controlling the data flow of unidirectional gateways between networks.
Why it matters
Without evaluated diodes, a unidirectional gateway may permit reverse or covert channels, enabling data exfiltration and cross-domain compromise.
Operational notes
Verify the diode is evaluated and correctly installed; routinely test for one-way flow and review configs so only approved transfers traverse the gateway.
Implementation tips
- Procurement teams should ensure they purchase NSA-approved degaussers for media destruction. They can do this by checking supplier catalogues or websites to confirm the degausser's approval status before buying.
- Office managers should organise regular training sessions for staff responsible for media destruction. Include a demonstration on how to properly use NSA-evaluated degaussers, ensuring everyone understands the process.
- IT teams should maintain a list of all degaussers in use and their approval status. They can create a spreadsheet that records details such as make, model, and NSA approval, and update it annually or when new equipment is acquired.
- Managers should develop a media destruction policy that mandates the use of NSA-approved degaussers. Share this policy with all staff during onboarding and remind them during annual reviews.
- Security personnel should audit media disposal practices regularly. They can do this by randomly selecting media marked for destruction and verifying it has been processed with an NSA-evaluated degausser. Document each check to ensure compliance.
Audit / evidence tips
- AskThe procurement records of degaussers: Request invoices or purchase orders for degaussers GoodShows records explicitly listing devices with NSA approval
- AskTo see the training logs for media destruction handlers
- GoodPolicy clearly states this requirement and includes procedures for verifying compliance
- AskThe degausser compliance inventory GoodList includes detailed entries showing compliance checks with NSA approval
- AskRecords of media disposal audits
Cross-framework mappings
How ISM-1157 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (2) expand_less | ||
| Annex A 7.10 | ISM-1157 addresses secure destruction of media by mandating the use of NSA-evaluated degaussers to reliably render magnetic media unreadable | |
| Annex A 7.14 | ISM-1157 requires that when destroying magnetic storage media, organisations use NSA-evaluated degaussers to ensure the destruction metho... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.