This is one of the most-searched CUI questions, usually because it shows up on a training quiz. The answer is worth understanding for real, not just memorizing, because getting destruction wrong is one of the quiet ways contractors fail a CMMC Level 2 assessment.
The goal of destroying CUI
Destruction is not about tidiness or freeing up space. Its single purpose is to ensure the information can never be recovered. The standard is that CUI must be rendered unreadable, indecipherable, and irrecoverable. If a determined person could reassemble a shredded document or recover a deleted file, the destruction did not meet the standard.
That is why the method matters. The same document destroyed two different ways can either meet the goal or completely miss it.
Destroying paper CUI
For physical documents, approved methods make the paper impossible to reassemble:
- High-security cross-cut shredding to small particles (a strip-cut shredder is not enough).
- Pulping that reduces the paper to fiber.
- Incineration that fully burns the material.
Destroying digital CUI
Digital media is where most contractors slip. Deleting a file, emptying the recycle bin, or quick-formatting a drive leaves the underlying data recoverable. That does not meet the standard.
The authoritative method is NIST SP 800-88, media sanitization, which defines three levels chosen by media type and sensitivity:
| Method | What it does | When to use it |
|---|---|---|
| Clear | Overwrites data with logical techniques | Media that stays in your control and will be reused internally |
| Purge | Renders recovery infeasible even in a lab (e.g. cryptographic erase) | Media leaving your control |
| Destroy | Physically destroys the media (shred, disintegrate, incinerate) | End-of-life media, or the highest sensitivity |
Keep a record
Whatever method you use, document it. A short record or certificate of destruction, noting what was destroyed, when, how, and by whom, is the evidence that your process actually happened. For CMMC, a policy without evidence counts for little.
The CMMC requirement behind it
Destroying CUI correctly is not optional guidance, it is part of the media protection family of NIST SP 800-171, which makes up part of CMMC Level 2. An assessor will expect a documented sanitization process and evidence that you follow it, for both paper and digital media.
Frequently asked questions
What is the goal of destroying CUI?
The goal of destroying CUI is to make it unreadable, indecipherable, and irrecoverable, so that the information cannot be reconstructed or retrieved by any means once it is no longer needed. Destruction must be thorough enough that recovery is not reasonably possible, whether the CUI was on paper or digital media.
What are the approved methods for destroying CUI?
For paper, use high-security cross-cut shredding to small particles, or pulping or incineration. For digital media, follow NIST SP 800-88 media sanitization: clear, purge, or destroy, chosen by the media type and sensitivity. Simply deleting a file or emptying the recycle bin does not destroy CUI, because the data remains recoverable.
Does deleting a file destroy CUI?
No. Deleting a file or formatting a drive typically leaves the underlying data recoverable, so it does not meet the standard of irrecoverable destruction. Proper destruction of digital CUI requires sanitization methods from NIST SP 800-88, such as cryptographic erase, overwriting, or physical destruction of the media.
Which CMMC requirement covers destroying CUI?
Media protection requirements in NIST SP 800-171, which make up part of CMMC Level 2, require sanitizing or destroying media containing CUI before disposal or reuse. An assessor will look for a documented process and evidence that it is followed, not just a policy on paper.
Do I need a certificate of destruction for CUI?
It is strongly recommended. A record or certificate of destruction, showing what was destroyed, when, how, and by whom, is the evidence that proves your process was followed. For CMMC Level 2, that record is exactly the kind of artifact an assessor expects to see.