DIN 66399 Globally Standardized to ISO/IEC 21964

June 28, 2019 at 4:09 pm by Paul Falcone

The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), who together form the specialized system for worldwide standardization, have established a joint technical committee, ISO/IEC JTC, in the field of information technology. In August of 2018, ISO/IEC JTC internationally standardized the German Institute for Standardization’s DIN 66399 terms and principles for destruction of information technology data carriers. This standard, ISO/IEC 21964, is now being referenced by organizations on an international level when referring to data destruction requirements. The materials referred to in security levels are identical to those referenced in DIN 66399 and are as follows:

P — information in original size such as paper, film, and printing plates

F — information in miniaturized form such as microfilm and microfiche

O — information on optical data carriers such as CDs, DVDs, and Blu-ray Discs

T — information on magnetic data carriers such as floppy discs, ID cards, magnetic tape cassettes, mag stripe cards, and CAC IDs

H — information on hard drives with magnetic data carriers such as rotational hard drives

E — information on electronic data carriers such as memory sticks, RFID chip cards, solid state drives, and mobile communication equipment

P-7, shown above, is the standard for the destruction of classified material on paper

The ISO/IEC 21964 limits for particle sizes also have not changed from the DIN 66399 standard and remain as follows:

Paper Media

  • P-1: Particle size ≤ 2,000mmor strip width ≤ 12mm x unlimited strip length
  • P-2: Particle size ≤ 800mmor strip width ≤ 6mm x unlimited strip length
  • P-3: Particle size ≤ 320mm2or strip width ≤ 2mm x unlimited strip length
  • P-4: Particle size ≤ 160mmand for regular particles: strip width ≤ 6mm, such as our Model 5141P
  • P-5: Particle size ≤ 30mmand for regular particles: strip width ≤ 2mm
  • P-6: Particle size ≤ 10 mmand for regular particles: strip width ≤ 1mm
  • P-7: Particle size ≤ 5 mmand for regular particles: strip width ≤ 1mm or dissolved with particle size ≤ 5mmor shredded ash with particle size ≤ 5mm2 such as with our Model 244/4
NSA listed DVD shredder
O-6, shown above, is the standard for the destruction of classified material on DVDs and Blu-ray Discs.

Optical Media

  • O-1: Particle size ≤ 2,000mm2
  • O-2: Particle size ≤ 800mm2
  • O-3: Particle size ≤ 160mm2
  • O-4: Particle size ≤ 30mm2
  • O-5: Particle size ≤ 10mm2, such as with a Model 0201.
  • O-6: Particle size ≤ 5mmor shredded ash ≤ 5mmor melted compound, such as with a Model 0200 OMD/SSD with Cabinet Kit
  • O-7: Particle size ≤ 0.2mmor shredded ash ≤ 0.2mmor melted compound

Magnetic Media

  • T-1: Medium physically unusable
  • T-2: Medium broken into several parts and particle size ≤ 2,000mm2
  • T-3: Particle size ≤ 320mm2
  • T-4: Particle size ≤ 160mm2
  • T-5: Particle size ≤ 30mm2
  • T-6: Particle size ≤ 10mm2
  • T-7: Particle size ≤ 2.5mmor shredded ash ≤ 2.5mmor melted compound, such as a Model DS-400
H-3, shown above, is an approved method of destruction of classified material found on rotational hard drives, as long as the hard drive has been previously degaussed in an NSA listed degausser.

Hard Drive Media

  • H-1: Hard drive physically/electronically unusable
  • H-2: Data carrier damaged
  • H-3: Data carrier deformed, such as with a Model 0101 Crusher
  • H-4: Data carrier broken into several pieces and deformed and particle size ≤ 2,000mm2, such as with a Model 0305
  • H-5: Data carrier broken into several pieces and deformed and particle size ≤ 320mm2
  • H-6: Data carrier broken into several pieces and deformed and particle size ≤ 10mm2
  • H-7: Data carrier broken into several pieces and deformed and particle size ≤ 5mmor heated above Curie temperature
ssd shredder
A 2mm particle, shown above, falls under the E-5 category and is the standard for the destruction of classified material on solid state drives and devices.

Electronic Media

  • E-1: Media physically/electronically unusable
  • E-2: Media broken into pieces, such as with a Model 0101 with SSD Kit
  • E-3: Media broken into pieces and particle size ≤ 160mm2, such as a Model 0304 Combo Shredder
  • E-4: Data carrier (chip) broken into pieces and particle size ≤ 30mm2, such as a Model 0205
  • E-5: Data carrier (chip) broken into several pieces and particle size ≤ 10mm2, such as a Model 2SSD
  • E-6: Data carrier (chip) broken into several pieces and particle size ≤ 1mmor shredded ash ≤ 1mm2
  • E-7: Data carrier (chip) broken into several pieces and particle size ≤ 0.5mmor shredded ash ≤ 0.5mm2, such as with a Model SSD1-HS

Film Media

  • F-1: Particle size ≤ 160mmwhere 10% of the material may exceed the specified particle size, but shall not be more than 480mmin size.
  • F-2: Particle size ≤ 30mmwhere 10% of the material may exceed the specified particle size, but shall not be more than 90mmin size.
  • F-3: Particle size ≤ 10mm2  where 10% of the material may exceed the specified particle size, but shall not be more than 30mmin size.
  • F-4: Particle size ≤ 2.5mmwhere 10% of the material may exceed the specified particle size, but shall not be more than 7.5mmin size.
  • F-5: Particle size ≤ 1,0 mmwhere 10% of the material may exceed the specified particle size, but shall not be more than 3.0mmin size.
  • F-6: Particle size ≤ 0.5mmor shredded ash ≤ 0.5mmwhere 10% of the material may exceed the specified particle size, but shall not be more than 1.5mm2in size.
  • F-7: Particle size ≤ 0.2mmor shredded ash ≤ 0.2mmor dissolved. The particle size shall not be exceeded.

For more information, please visit our DIN 66399 (ISO/IEC 21964) page here.

SEM Holiday Happenings

December 16, 2018 at 1:46 pm by Heidi White


On 13 December, 2018, the SEM team celebrated the holiday season. The sales and service teams flew into town for the week so the whole team could be together. The evening started with the company breaking into five teams to participate in escape room challenges at Live Action Escapes in Worcester, MA. We are happy to say that three of the five teams escaped their rooms. The other two tried their best but were stumped in the end. All in all, employees agreed that the experience was a lot of fun.

After the escape room challenge, the group make its way downstairs to The Citizen, where everyone enjoyed each others’ company over food and drinks. The evening was a fun and relaxing way to celebrate the holiday season with the team. Happy Holidays to you and yours!

US-CERT Issues Security Tip (ST18-005) on Proper Disposal of Electronic Devices

November 1, 2018 at 1:51 pm by Heidi White
Originally published by us-cert.gov on October 30, 2018

Why is it important to dispose of electronic devices safely?

US-CERT is a division of Homeland Security

In addition to effectively securing sensitive information on electronic devices, it is important to follow best practices for electronic device disposal. Computers, smartphones, and cameras allow you to keep a great deal of information at your fingertips, but when you dispose of, donate, or recycle a device you may inadvertently disclose sensitive information which could be exploited by cyber criminals.

Types of electronic devices include:

  • Computers, smartphones, and tablets — electronic devices that can automatically store and process data; most contain a central processing unit and memory, and use an operating system that runs programs and applications.
  • Digital media — these electronic devices create, store, and play digital content. Digital media devices include items like digital cameras and media players.
  • External hardware and peripheral devices — hardware devices that provide input and output for computers, such as printers, monitors, and external hard drives; these devices contain permanently stored digital characters.
  • Gaming consoles — electronic, digital, or computer devices that output a video signal or visual image to display a video game.

What are some effective methods for removing data from your device?

There are a variety of methods for permanently erasing data from your devices (also called sanitizing). Because methods of sanitization vary according to device, it is important to use the method that applies to that particular device.

Methods for sanitization:

Backing Up Data

Saving your data to another device or a second location (e.g., an external hard drive or the cloud) can help you recover your data if your device is stolen. Options for digital storage include cloud data services, CDs, DVDs, and removable flash drives or removable hard drives (see Protecting Portable Devices: Data Security for more information). Backing up your data can also help you identify exactly what information a thief may have been able to access.

Deleting Data

Removing data from your device can be one method of sanitization. When you delete files from a device—although the files may appear to have been removed—data remains on the media even after a delete or format command is executed. Do not rely solely on the deletion method you routinely use, such as moving a file to the trash or recycle bin or selecting “delete” from the menu. Even if you empty the trash, the deleted files are still on device and can be retrieved. Permanent data deletion requires several steps.

Computers. Use a disk cleaning software designed to permanently remove the data stored on a computer hard drive to prevent the possibility of recovery.

  • Secure erase. This is a set of commands in the firmware of most computer hard drives. If you select a program that runs the secure erase command set, it will erase the data by overwriting all areas of the hard drive.
  • Disk wiping. This is a utility that erases sensitive information on hard drives and securely wipes flash drives and secure digital cards.

Smartphones and tablets. Ensure that all data is removed from your device by performing a “hard reset.” This will return the device to its original factory settings. Each device has a different hard reset procedure, but most smartphones and tablets can be reset through their settings. In addition, physically remove the memory card and the subscriber identity module card, if your device has one.

Digital cameras, media players, and gaming consoles. Perform a standard factory reset (i.e., a hard reset) and physically remove the hard drive or memory card.

Office equipment (e.g., copiers, printers, fax machines, multifunction devices). Remove any memory cards from the equipment. Perform a full manufacture reset to restore the equipment to its factory default.

Overwriting

Another method of sanitization is to delete sensitive information and write new binary data over it. Using random data instead of easily identifiable patterns makes it harder for attackers to discover the original information underneath. Since data stored on a computer is written in binary code—strings of 0s and 1s—one method of overwriting is to zero-fill a hard disk and select programs that use all zeros in the last layer. Users should overwrite the entire hard disk and add multiple layers of new data (three to seven passes of new binary data) to prevent attackers from obtaining the original data.

  • Cipher.exe is a built-in command-line tool in Microsoft Windows operating systems that can be used to encrypt or decrypt data on New Technology File System drives. This tool also securely deletes data by overwriting it.
  • Clearing is a level of media sanitation that does not allow information to be retrieved by data, disk, or file recovery utilities. The National Institute of Standards and Technology (NIST) notes that devices must be resistant to keystroke recovery attempts from standard input devices (e.g., a keyboard or mouse) and from data scavenging tools.

Destroying

Physical destruction of a device is the ultimate way to prevent others from retrieving your information. Specialized services are available that will disintegrate, burn, melt, or pulverize your computer drive and other devices. These sanitization methods are designed to completely destroy the media and are typically carried out at an outsourced metal destruction or licensed incineration facility. If you choose not to use a service, you can destroy your hard drive by driving nails or drilling holes into the device yourself. The remaining physical pieces of the drive must be small enough (at least 1/125 inches) that your information cannot be reconstructed from them. There are also hardware devices available that erase CDs and DVDs by destroying their surface.

  • Magnetic media degaussers. Degaussers expose devices to strong magnetic fields that remove the data that is magnetically stored on traditional magnetic media.
  • Solid-state destruction. The destruction of all data storage chip memory by crushing, shredding, or disintegration is called solid-state destruction. Solid-State Drives should be destroyed with devices that are specifically engineered for this purpose.
  • CD and DVD destruction. Many office and home paper shredders can shred CDs and DVDs (be sure to check that the shredder you are using can shred CDs and DVDs before attempting this method).

For more information, see the NIST Special Publication 800-88 Guidelines for Media Sanitization.

How can you safely dispose of out-of-date electronic devices?

Electronic waste (sometimes called e-waste) is a term used to describe electronics that are nearing the end of their useful life and are discarded, donated, or recycled. Although donating and recycling electronic devices conserves natural resources, you may still choose to dispose of e-waste by contacting your local landfill and requesting a designated e-waste drop off location. Be aware that although there are many options for disposal, it is your responsibility to ensure that the location chosen is reputable and certified. Visit the Environmental Protection Agency’s (EPA) Electronics Donation and Recycling webpage for additional information on donating and recycling electronics. For information on recycling regulations and facilities in your state, visit the EPA Regulations, Initiatives, and Research on Electronics Stewardship webpage.

Patch Barracks Classified Data Destruction Facility — A Highly Successful Installation

October 12, 2018 at 8:18 pm by Heidi White

SEM recently installed a classified data destruction facility at Patch Barracks in Stuttgart-Vaihingen, Germany under the direction of EUCOM, AFRICOM, and the 405th Army Field Support Brigade. The centralized facility, in support of local operations, is a green operation  providing for zero landfill and recycle of all materials.  The facility includes an SEM Model DS1436 NSA listed dual stage disintegrator with trio briquettor for bulk paper destruction along with multi-media destruction equipment capable of destroying complete Laptops.  Two SEM Model EMP1000-HS NSA listed high security degaussers, two SEM Model 0304 high volume combo HDD/SSD hard drive shredders, two 0202 Optical Medial destroyers, and an existing SEM Model DS1436 disintegrator provide total redundancy of all destruction capabilities. These devices provide a destruction solution for all levels of classified paper, optical media, and hard drives. SEM’s own Todd Busic, Ricardo Leon, and Don Donahue were on site to finalize the installation and provide systems start-up and training to staff. A ribbon cutting ceremony was held Friday October 12th where Garrison Commander Col. Neal A. Corson officially opened the facility for operations. Special thanks to EUCOM, AFRICOM, DPW, and the 405th for working as a trusted partner with SEM to ensure timely and successful completion of this important project.

Ribbon cutting ceremony for the Classified Destruction Facility
The project was completed with support from EUCOM and AFRICOM.
Patch Barracks main gate
Success! The destruction facility is fully operational. Todd Busic is pictured right.
The disintegrators are high capacity, capable of destroying entire boxes of paper material at once.
SEM Engineer Ricardo Leon worked on the master control panel during the installation.
The team even celebrated with a custom made cake.

National Hot Dog Day!

July 18, 2018 at 8:49 pm by Heidi White

July 18, 2018 was National Hot Dog Day and SEM celebrated in style by having Tony Island Hot Dogs from Oxford, Massachusetts bring their world famous hot dog cart to SEM headquarters. SEM employees enjoyed hot dogs with all the fixings as well as homemade sauces and sodas, and the weather was absolutely picture perfect. One of the most popular dogs was the Bacon Jammer, but employees also raved about the chili cheese dog. Tony Island even brought vegan dogs for the resident vegan! The lunchtime outing was a fun way to enjoy each other’s company while celebrating such an important (?) national holiday. Happy Hot Dog Day!

SEM Summer Outing 2018

July 3, 2018 at 1:54 pm by Heidi White

The Security Engineered Machinery team works hard to engineer, manufacture, and distribute the world’s best data destruction devices, but we also know how to enjoy our downtime. SEM employees had a ball at the 2018 summer outing which included golf and a fully catered all American BBQ complete with some local craft beer. The team relaxed while enjoying a variety of delicious food, plenty of sunshine, and good conversation. We are fortunate to have the absolute best team!

Security Engineered Machinery Turns 50

June 11, 2018 at 5:15 pm by SEM

Security Engineered Machinery Co. Inc. (SEM), global leader in high security end-of-life solutions, is celebrating 50 years of protecting corporate and national security interests through continuous innovations in the field of document and media sanitization technology.

Through a combination of in-house engineering and design as well as direct manufacturing in our Westboro, MA facility, SEM has consistently produced innovative data sanitization products and services for the intelligence organizations of the U.S. Federal Government, including our military, embassies and other government entities, in addition to a wide commercial market.

Founded in 1967 by Korean War veteran, Leonard Rosen, the company’s initial product was a paper disintegrator that allowed users to reduce large volumes of top-secret documents down to unreadable particles in a quick and secure manner. SEM’s disintegration was a vast improvement over incineration in speed, convenience, and environmental impact and was quickly accepted as the primary destruction method of the U.S. Government. In the mid 1970s SEM introduced a full line of office paper shredders to allow users to destroy documents closer to their source.

As record storage transitioned from paper to electronic media, the company continued to innovate to meet the new sanitization demands created by this new technology including computer tape, optical media, hard drives and solid-state media. Today, SEM holds several patents and is the global industry leader for multiple forms of sanitization and destruction including degaussing, crushing, shredding, and disintegration of any type of electronic media such as hard drives, optical media and solid state storage systems.

Founder and Chairman Len Rosen is still actively involved in the day-to-day activities of the company, but is quick to deflect credit for success to his management team and entire staff. “It seems like we just started this yesterday” said Rosen. “The growth has been amazing, but I’m most proud of how we continue to adapt as a company, not just to stay relevant, but to lead the industry with innovative solutions.”

SEM Paper Shredders Awarded Prestigious Eco-Friendly “Blue Angel” Certification

May 16, 2013 at 2:35 pm by SEM

Paper shredders manufactured for Security Engineered Machinery (SEM) by German based Krug and Priester GmbH and CO (K&P) have recently been awarded the prestigious “Blue Angel” certification. In addition to the precision and high quality typically found in German made products, these shredders are also loaded with a variety of environmentally friendly features that have earned them this highly sought-after certification.

The Blue Angel is only awarded to products and services which – from a holistic point of view – are of considerable benefit to the environment and, at the same time, meet high standards of serviceability, health, and occupational protection.

The Blue Angel is a German certification for products and services that have environmentally friendly aspects. It has been awarded since 1978 by the Jury Umweltzeichen, a group of 13 people from environment and consumer protection groups, industry, unions, trade, media and churches. Blue Angel is the oldest eco-label in the world, and it covers some 10,000 products in some 80 product categories.

To meet these eco-friendly standards, SEM shredders, that are manufactured by Krug and Priester (like the Model 244/4), integrate features that reduce noise, dust and emissions as well as an energy saving mode which generates no power after a brief period of non-use thus maximizing energy conservation.

After the introduction of Germany’s Blue Angel in 1978 as the first worldwide environmental label, other European and non-European countries followed this example and introduced their own national and supra-regional environmental labels. The common goal of these labels is to inform consumers about environmentally friendly products thereby giving global support to product-related environmental protection.

Learn more about our paper shredders here.