A Comprehensive List of Data Wiping and Erasure Standards

Oct 19, 2017 Blog Article

There are numerous data erasure and data wiping standards for the secure removal of sensitive information from PC hard drives, removable media, LUNs and other storage devices. Rigorous standards for these procedures are set forth by government agencies and private institutes across the globe. View the data wiping and erasure standards below, then decide which one(s) is the best fit for your business.

Katie Jefcoat - Blancco Author

Katie Moss Jefcoat Katie has launched and supported marketing campaigns for B2B technology companies since 2011. From 2016 to 2021, Katie served Blancco in the roles of content manager and senior product marketing manager, communicating the features and benefits of Blancco products, evaluating market and competitive trends, supporting sales enablement, and representing the voice of the customer.

Standard Name# of PassesDescription
Air Force System Security Instruction 50202Originally defined by the United States Air Force, this 2-pass overwrite is completed by verifying the write.
Aperiodic random overwrite/Random1This process overwrites data with a random, instead of static, pattern. Each sector of the drive will contain different data. This process is completed by verifying the write.
Blancco SSD ErasureProprietaryBlancco’s multi-phase, proprietary SSD erasure approach utilizes all supported SSD security protocols. This innovative method includes multiple random overwrites, firmware level erasure, freeze lock removal and full verification.
Bruce Schneier’s Algorithm7This 7-step process, presented by security technologist Bruce Schneier, overwrites using 1s, 0s and a stream of random characters.
BSI-2011-VS4This 4-pass system is the original BSI standard defined by the German Federal Office of Information Security.
BSI-GS1Defined by the German Federal Office for Information Security, this process begins by removing hidden drives (HPA/ DCO if existing) and overwriting with aperiodic random data. The next step triggers a firmware based command dependent on the type of drive. The last step is to verify the write.
BSI-GSE2The BSI-GSE adds one extra step to the BSI-GS. After the first overwrite, an additional overwrite with aperiodic random data is added before moving on to the last two steps.
CESG CPA – Higher Level3The UK government’s National Technical Authority for Information Assurance standard is a 3-pass process with a verification after each step.
Cryptographic Erasure (Crypto Erase)N/A
This method uses the native command to call a cryptographic erasure, which erases the encryption key. While the encrypted data remains on the storage device itself, it is effectively impossible to decrypt, rendering the data unrecoverable. Because this method uses the native commands as defined by the manufacturer, it is only available if supported by the drive being erased.
DoD 5220.22-M ECE7This method is an extended (7-pass) version of the DoD 5220.22-M. It runs the DoD 5220.22-M twice, with an extra pass (DoD 5220.22-M (C) Standard) sandwiched in between.

Make sure log file erasure is being carried out in compliance with global regulations.

Get your free data sanitization trial.

Standard Name# of PassesDescription
Extended Firmware Based Erasure3This Blancco-defined standard adds an overwrite as the first step and then follows the standard Firmware Based Erasure, making this a 3-step process.
Firmware Based Erasure2This Blancco-defined standard is a 2-step process triggers a firmware command that is dependent on the drive type. The last step of the process is to verify the write.
HMG Infosec Standard 5, Higher Standard3Used by the British Government, this 3-pass overwrite adds one additional write. Like the baseline standard, this process is completed by verifying the write.
HMG Infosec Standard 5, Lower Standard1Used by the British Government, this 1-pass overwrite consists of writing a zero pattern. This process is completed by verifying the write.
National Computer Security Center (NCSC-TG-025)3Defined by the US National Security Agency, this 3-pass system includes a verification after each pass of 0s, 1s and a random character.
Navy Staff Office Publication (NAVSO P-5239-26)3Published by the US Navy, this 3-pass system uses a specified character (and its complement) and a random character. The process is completed by verifying the write.
NIST 800-88 Clear1The National Institute of Standards and Technology Clear requires the removal of hidden drives (HPA/DCO, if existing). The data is then overwritten and verified.
NIST 800-88 Purge1This method requires the removal of hidden drives (HPA/DCO, if existing). A firmware based command is triggered depending on the type of drive, and the last step is the verify the write.
NSA 130-13Defined by the National Security Agency, this method uses a 3-pass overwrite: writes a random character, writes another random character and writes a known value. This process is completed by verifying the write.
OPNAVINST 5239.1A3Defined by the US Navy, this process is completed by verifying the write after a 3-pass overwrite—the first a random byte and static overwrite for the last two.

As the global leader in certified data erasure, Blancco supports 24+ international erasure standards set by government agencies, legal authorities and independent testing laboratories. Regardless of the internal standard(s) required by your government or organization, Blancco solutions can help you prove compliance and protect your data.

To learn more, contact your local Blancco representative today.

You may be interested in: