This is incorrect.The NISPOM covers the entire field of government-industrial security, of which data sanitization is a very small part (about two paragraphs in a 100 page document)[4].