Under the ISOO, the Secretary of Defense is nominally the Executive Agent, but the NISP recognizes four different Cognizant Security Agencies, all of which have equal authority: the Department of Defense, the Department of Energy, the Central Intelligence Agency, and the Nuclear Regulatory Commission.
The NISPOM establishes the standard procedures and requirements for all government contractors, with regards to classified information.
Chapters and selected sections of this edition are:[4] DoD 5220.22-M is sometimes cited as a standard for sanitization to counter data remanence.
The NISPOM actually covers the entire field of government–industrial security, of which data sanitization is a very small part (about two paragraphs in a 141-page document).
The Defense Security Service provides a Clearing and Sanitization Matrix (C&SM) which does specify methods.