NIST-Compliant Government Electronics Buyback & Recycling
Federal, state, and local government agencies trust us to buy their surplus IT equipment while maintaining strict compliance with NIST SP 800-88, FISMA, and agency-specific disposal requirements. We pay fair market value for working hardware, provide certified data destruction for equipment containing CUI and sensitive agency data, and deliver audit-ready documentation that satisfies inspectors general and oversight bodies. Recover budget value from retired IT assets instead of paying for disposal.
Purpose-Built for Government IT Disposal Requirements
NIST SP 800-88 Mandatory Compliance
NIST Special Publication 800-88 Revision 1, Guidelines for Media Sanitization, is the mandatory standard for federal agencies and the most widely adopted standard across state and local governments. Our entire sanitization operation is built around this standard. We apply Clear, Purge, or Destroy methods based on the security categorization of the information system the device supported, following the decision flow in NIST 800-88 Appendix A. Each sanitization action is documented with the specificity that government auditors require, including the exact method, verification technique, and outcome.
CUI and Sensitive Data Handling
Controlled Unclassified Information requires specific handling during the disposition process as defined by 32 CFR Part 2002 and the CUI Registry. We work with your information security officer to identify the appropriate sanitization level for CUI-bearing equipment, apply the correct NIST 800-88 method, and document the handling in a way that demonstrates compliance with your agency's CUI program. Our process addresses the full spectrum of CUI categories from basic to specified, with sanitization levels matched to the sensitivity of the information.
Budget Recovery Through Buyback
Government agencies at all levels face tight budgets and pressure to maximize the value of every dollar. Rather than paying a vendor to dispose of retired equipment, our buyback model returns real revenue to your agency's budget. Working laptops, desktops, servers, and networking equipment all carry resale value that most agencies forfeit through surplus property channels that prioritize transfer over value recovery. We buy your equipment at fair market value after performing all required data destruction.
FISMA-Aligned Documentation
The Federal Information Security Modernization Act requires agencies to maintain comprehensive security programs that include the disposition of information system components. Our documentation packages align with FISMA's continuous monitoring and documentation requirements, providing the evidence that your agency's System Security Plan calls for when describing media sanitization controls. Documents integrate directly with your Plan of Action and Milestones and audit response materials for IG and GAO reviews.
Multi-Agency and Multi-Site Logistics
Large government IT refresh projects often span multiple buildings, campuses, or regions. Our logistics team manages complex multi-site pickups while accommodating the unique access requirements of government facilities. We work within your facility security protocols, coordinate with building management, and schedule around operational requirements. Each site receives individual tracking that consolidates into department-level or agency-level reporting for leadership review.
Inspector General Audit Readiness
Government IT disposal is subject to oversight from agency inspectors general, the GAO, and various state audit bodies. Our documentation is specifically designed to withstand this level of scrutiny. Every device is tracked by serial number from pickup through final disposition. Sanitization certificates reference the specific NIST 800-88 method applied and the verification technique used. Chain-of-custody records show unbroken physical control of assets throughout the process. This documentation has been reviewed and accepted in multiple IG and state auditor examinations.
Federal & State IT Disposal Requirements
Government agencies operate under a layered regulatory framework for IT asset disposition that differs significantly from private sector requirements. Understanding these requirements is essential for any agency planning a technology refresh or equipment disposal project.
NIST SP 800-88 Rev. 1: Media Sanitization Guidelines
NIST 800-88 is the foundational standard for government media sanitization. It defines three levels of sanitization: Clear, which protects against simple non-invasive data recovery techniques using standard methods that do not manipulate the media's physical characteristics; Purge, which protects against laboratory attack techniques using state-of-the-art methods; and Destroy, which renders the media incapable of storing data through physical means such as disintegration, incineration, pulverization, shredding, or melting.
The appropriate sanitization level depends on the security categorization of the information system the device supported, as defined by FIPS 199. Low-impact systems may be adequately addressed by Clear methods, while Moderate and High-impact systems typically require Purge or Destroy. The decision flow in NIST 800-88 Appendix A guides the selection process based on the confidentiality impact level, whether the media will be reused within the organization, and whether it will leave organizational control.
FISMA and Information System Lifecycle
The Federal Information Security Modernization Act of 2014 requires each agency to develop, document, and implement an agency-wide information security program. This program must address the full lifecycle of information systems, including disposition. NIST SP 800-37 (Risk Management Framework) and NIST SP 800-53 (Security and Privacy Controls) define the specific controls that agencies must implement. The Media Protection control family (MP) includes MP-6, Media Sanitization, which requires organizations to sanitize information system media prior to disposal, release out of organizational control, or release for reuse. This control directly references NIST 800-88 as the implementation guidance.
FIPS 199: Security Categorization
Federal Information Processing Standard 199 establishes the framework for categorizing federal information and information systems based on the potential impact of a security breach. Systems are categorized as Low, Moderate, or High impact for each of three security objectives: confidentiality, integrity, and availability. The confidentiality impact level is the primary driver for selecting the appropriate media sanitization method under NIST 800-88. Devices from High-impact systems generally require Destroy-level sanitization, while Moderate-impact systems may use Purge methods, and Low-impact systems may use Clear methods, subject to additional agency-specific policies.
GSA Property Disposal Regulations
Federal agencies must comply with the Federal Property and Administrative Services Act and the Federal Management Regulation (41 CFR) when disposing of surplus personal property, including IT equipment. The General Services Administration oversees the federal surplus property disposal process through programs including GSAXcess for screening surplus property across government and GSA Auctions for selling surplus to the public. However, these property disposal channels focus on the physical asset transfer and do not address the data security requirements for IT equipment. Agencies must ensure that all data destruction requirements are met before equipment enters surplus property channels, which is where our ITAD services complement the GSA surplus process.
State and Local Disposal Requirements
State and local government agencies operate under their own procurement and surplus property disposal regulations that vary significantly by jurisdiction. Many states have adopted NIST 800-88 as their data sanitization standard by reference, while others have developed state-specific requirements. Common state-level requirements include surplus property board approval for disposal, mandatory screening for transfer to other state agencies before external disposition, environmental compliance documentation for electronics recycling, and documentation requirements for the disposal of property purchased with federal grant funds. Our team is experienced with disposal requirements across all fifty states and can tailor our documentation to meet the specific requirements of your jurisdiction.
How Government IT Disposition Works
Our government ITAD process is designed to satisfy the regulatory requirements that agencies face at all levels of government while maximizing the financial return on surplus equipment.
Step 1: Security Assessment and Planning
We begin with a detailed assessment of the equipment your agency needs to retire. This includes identifying the security categorization of the systems the devices supported (using FIPS 199 categories for federal agencies), determining the appropriate NIST 800-88 sanitization level for each device category, and coordinating with your information security officer to address any agency-specific requirements. For equipment that stored CUI, we document the CUI categories involved and the corresponding sanitization requirements.
Step 2: Secure On-Site Collection
Our logistics crew works within your facility's security protocols, including visitor processing, escort requirements, and restricted area procedures. Every device is inventoried by serial number and asset tag at the point of collection, reconciled against your property management records, and entered into our chain-of-custody system. Your IT or property management representative receives a signed pickup manifest. For agencies requiring the highest security level, we offer on-site data destruction before equipment leaves the building.
Step 3: NIST 800-88 Compliant Sanitization
At our processing facility, every storage medium undergoes sanitization at the level determined during the planning phase. Clear-level sanitization uses verified overwrite methods appropriate to the media type. Purge-level sanitization employs methods such as degaussing for magnetic media and cryptographic erase with verification for self-encrypting drives. Destroy-level sanitization uses physical destruction through shredding, disintegration, or incineration. Each sanitization event is documented with the device serial number, asset tag, media type, NIST 800-88 method category, specific technique applied, verification method and result, date, and responsible technician.
Step 4: Asset Recovery and Remarketing
After verified data destruction, working equipment enters our remarketing pipeline. Functional laptops, desktops, servers, monitors, and networking equipment are graded, tested, and sold through secondary market channels. This remarketing revenue enables us to pay agencies for their surplus equipment rather than charging for disposal. Equipment that cannot be remarketed is responsibly recycled through our R2-certified partners, with recycling certificates provided for each unit.
Step 5: Audit-Ready Documentation and Settlement
Your agency receives a comprehensive documentation package designed for IG, GAO, and state auditor review. The package includes the complete serialized asset inventory reconciled against your property records, individual certificates of data destruction for every storage device referencing NIST 800-88 methods, complete chain-of-custody records, recycling certificates for non-functional units, and a financial settlement statement. For federal agencies, documents are formatted to support your FISMA reporting requirements. For state and local agencies, documents are tailored to your jurisdiction's surplus property reporting format.
Controlled Unclassified Information (CUI) Handling
The federal CUI program, established by Executive Order 13556 and implemented through 32 CFR Part 2002, standardizes the way the executive branch handles information that requires safeguarding but is not classified. The CUI Registry maintained by the National Archives defines categories including law enforcement sensitive, tax information, privacy data, and many others, each with specified handling requirements. When dispositioning equipment that stored CUI, agencies must ensure that sanitization methods meet the requirements for the specific CUI category. Our process tracks CUI categories for each device and applies the corresponding NIST 800-88 sanitization level, providing documentation that specifically addresses CUI handling compliance for your agency's CUI program records.
Government IT Equipment We Purchase
Federal, State, and Municipal Equipment
- Agency workstations: Desktop computers and laptops used by federal employees, state workers, and municipal staff for daily operations, case management, and constituent services
- Data center servers: Rack-mount and blade servers running agency applications, databases, email systems, and web services. Includes servers decommissioned during cloud migration projects
- Network infrastructure: Core and distribution switches, routers, firewalls, VPN concentrators, and wireless infrastructure that carried agency data across government networks
- Public safety equipment: Computers and servers from law enforcement, fire department, emergency management, and 911 dispatch operations that contain sensitive operational data
- Municipal IT equipment: City and county government workstations, utility department systems, public works technology, and administrative computing equipment
- Mobile devices: Government-issued smartphones, tablets, and ruggedized devices used by field workers, inspectors, and law enforcement personnel
- Classroom and library equipment: Government-owned computers in public libraries, community centers, and training facilities
- Specialized agency equipment: Court recording systems, permitting workstations, GIS processing terminals, and other agency-specific computing equipment
We accept equipment in any condition. Working devices receive the highest buyback value, enabling maximum budget recovery for your agency. Non-functional equipment still holds value through component recovery and materials recycling. Every device receives NIST 800-88 compliant data sanitization regardless of its condition or intended disposition path.
Government IT Disposal Planning Guide
Successful government IT disposition projects require careful planning to meet regulatory requirements and maximize value recovery. We recommend the following approach for agencies at all levels of government.
- Inventory and categorize: Create a complete inventory of equipment to be retired, including serial numbers, asset tags, and the security categorization of the system each device supported. This categorization drives the sanitization level required under NIST 800-88
- Review retention requirements: Verify that all data subject to federal or state record retention requirements has been properly archived before equipment is released for disposition. This includes agency-specific retention schedules and any litigation hold obligations
- Coordinate with property management: Align the disposition timeline with your agency's surplus property procedures. Federal agencies must follow GSA surplus screening requirements. State and local agencies must follow their jurisdiction's surplus property board requirements
- Identify CUI and sensitive data: Flag equipment that stored Controlled Unclassified Information, law enforcement sensitive data, tax information, or other categories requiring specific handling during disposition
- Engage your ISSO early: Your Information System Security Officer should be involved in disposition planning from the start to approve sanitization methods and review documentation requirements
- Plan for grant-funded equipment: Equipment purchased with federal grants may have specific disposition requirements, including the requirement to return a proportional share of disposition proceeds to the granting agency
- Schedule around fiscal year cycles: Many agencies find that end-of-fiscal-year is the optimal time for disposition projects, aligning equipment retirement with new procurement cycles and budget closeout procedures
- Document everything: Government IT disposal is subject to audit at multiple levels. Comprehensive documentation from the start protects your agency and demonstrates compliance with all applicable requirements
Government Electronics Disposal FAQ
Do you follow NIST SP 800-88 for government equipment sanitization?
Yes. NIST Special Publication 800-88 Revision 1 is mandatory for federal agencies and widely adopted by state and local governments. We apply Clear, Purge, or Destroy methods based on the security categorization of the information system the device supported and the media type, exactly as specified in the NIST guidelines and the decision flow in Appendix A. Each device receives an individual certificate of destruction documenting the specific method applied, verification results, and responsible technician.
How do you handle equipment that contained Controlled Unclassified Information (CUI)?
Equipment that stored CUI requires sanitization at the Purge or Destroy level per NIST 800-88, depending on the specific CUI category, media type, and your agency's security policies. We work with your information security officer to identify the appropriate sanitization level for each CUI-bearing device and apply the corresponding NIST method. Our documentation specifically references CUI handling procedures to support your agency's compliance with 32 CFR Part 2002 and the CUI Registry requirements.
What is the difference between GSA surplus disposal and your ITAD service?
GSA surplus disposal through programs like GSAXcess follows federal property disposal regulations that require agencies to screen equipment across government before external release. Our ITAD service focuses on the data security, environmental compliance, and value recovery components that GSA surplus channels do not address. We handle certified data destruction, provide audit documentation, and pay your agency for equipment that still holds market value. Many agencies use our services to prepare equipment before it enters surplus property channels, or as an alternative path for equipment that requires certified data destruction.
Do you work with state and local government agencies?
Yes. We serve government agencies at all levels including federal civilian agencies, state departments, county governments, city and municipal agencies, tribal governments, and special districts such as school districts, water districts, and transit authorities. Each jurisdiction has unique procurement and disposal regulations, and we tailor our documentation to meet the specific requirements of your jurisdiction's property disposal and data protection rules.
What documentation do you provide for government audits?
Every government engagement produces a documentation package designed for IG, GAO, and state auditor review. This includes serialized asset inventories reconciled against your property management records, individual certificates of data destruction referencing specific NIST 800-88 methods and verification techniques, complete chain-of-custody records with timestamps, recycling certificates for non-functional units, and financial settlement statements. Documents are formatted to integrate with your property management system and satisfy your jurisdiction's specific audit requirements.
Can you handle large government IT refresh projects across multiple locations?
Yes. We manage disposition projects spanning multiple agency offices, departments, campuses, and even multiple jurisdictions. Our logistics team works within government facility security protocols, coordinates with building management and security staff, and schedules around operational requirements. Each location receives individual inventory tracking that consolidates into department-level or agency-level reporting for your CIO, ISSO, and property management teams.
Ready to Dispose of Surplus Government IT Equipment Compliantly?
Get a NIST-compliant quote for your agency's workstations, servers, and networking infrastructure. Audit-ready documentation with every government engagement. Most quotes returned within 24 hours.