On Wed, Mar 25, 2009 at 2:52 PM, Kurt Buff <kurt.b...@gmail.com> wrote:
> What's worse is that while physical destruction is "good enough" for
> those departments that need it, they then have the problem of "how do
> we know it was really destroyed?"

Because the IAO (Information Assurance Officer) signed the destruction certificate. Same as for destroying any other classified item, e.g., paper document.

As it happens, I was just writing procedures on this today. Those interested can Google "NISPOM" (AKA DoD 5220.22-M), grab the 2006 edition from the DSS website, and check sections 5-704, 5-706, and 5-707, starting on ordinal page 58. Keeping stuff longer than needed is actually explicitly against regulations. Other DoD requirements documents I've seen have similar provisions.

Of course, there are doubtless plenty of people in authority who require asinine things (like keeping a hard disk forever), within their jurisdiction. Sadly, PHBs infest government agencies as much as they plague private companies. :-(

-- Ben