Everything You Need to Know About the DoD 5220.22-M Disk Wiping Standard & Its Applications Today

May 18, 2023 Blog Article

When vendors state that their solutions meet the DoD 5220.22-M “standard,” it typically means that their software will write to all addressable hard drive locations with a character, its complement, and a random character. This overwriting process must then be verified. This “three-pass” procedure is designed to prevent data from being recovered by commercially available means.

But is the DoD 5220.22-M standard (or, the longer DoD 5220.22-M ECE standard) the best wiping method for your organization?

Read more to learn about how the DoD data overwriting standard applies today.

Richard Stiennon - Blancco Contributor

Security executive Richard Stiennon has previously held roles such as Chief Strategy Officer of Blancco Technology Group from 2016-2017 and Vice President of Research at Gartner Inc. from 2000 to 2004. Currently, Richard is a cyber security lecturer at Charles Sturt University in Australia and a strategic advisory member of the International Data Sanitization Consortium. His book, There Will Be Cyberwar, was named a Washington Post bestseller in April 2016. Richard is regularly featured in news publications such as Forbes, Dark Reading, Infosecurity Magazine, Network World and BetaNews, where he comments on data governance, data management, and cyber security.

What is the DoD standard (aka DoD wiping)?

The “DoD standard,” referring to DoD 5220.22-M, is a term often used in the data sanitization industry. But what does this “standard” mean for enterprises, government entities, ITADs, and data sanitization solution providers?

To erase previously stored data, the simplest techniques involve overwriting hard disk drive storage areas with the same data—often using a pattern of all zeros. The deprecated DoD “standard” and similar methods take this a step further by prescribing multiple passes with random binary patterns. These techniques, at a minimum, make data unrecoverable through standard recovery methods, though they may not meet modern erasure standards.

When and why was DoD 5220.22-M adopted?

The DoD 5220.22-M method for data erasure first appeared in the early days of the data sanitization industry. When it was published by the U.S. Department of Defense (DoD) in the National Industrial Security Program Operating Manual (also known as “NISPOM,” “NISP Operating Manual,” or Department of Defense document #5220.22-M), it specified a process of overwriting hard disk drives (HDDs) with patterns of ones and zeros. The process required three secure overwriting passes and verification at the end of the final pass. This was in 1995, before the debut of smartphones and the widespread use of flash-based storage technologies.

The DoD short wipe

Reflecting its original requirements, the DoD 5220.22-M data sanitization method, also called the DoD 3-pass method or DoD short wipe, is usually implemented in the following way:

Pass 1: Overwrite all addressable locations with a fixed character (typically binary zeros).
Pass 2: Overwrite all addressable locations with the complement of that character (binary ones).
Pass 3: Overwrite all addressable locations with a random character.
Verification: Read the drive back to confirm that the final pass was written everywhere.

Erasing an HDD using the DoD 5220.22-M data sanitization method, sometimes listed with an “E” at the end (DoD 5220.22-M (E)), will prevent all software-based file recovery methods, as well as hardware-based recovery methods, from recovering meaningful data from the drive.

The DoD long wipe

In 2001, a DoD memo specified additional overwriting and verification methods that became accepted as part of the “standard.” The DoD 5220.22-M ECE method is an extended (seven-pass) version of the DoD 5220.22-M. This “DoD long wipe” runs the DoD 5220.22-M (E) twice, with an extra pass (DoD 5220.22-M (C)) sandwiched in between.
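To make the pass structure concrete, here is an added Python model of the three-pass (E) and seven-pass (ECE) procedures with the end-of-wipe verification the article describes. It is illustration code written for this page, not Blancco's software or any vendor's implementation. Its assumptions: the fixed character is 0x00 with 0xFF as its complement; each random pass uses one random byte repeated across the medium; and the C pass, which the article names but does not describe, is modelled as a single random-character overwrite. The Drive class and its "unreachable" offsets are constructed to simulate sectors that wiping software cannot reach (failed drives, hidden SSD areas), the failure mode raised later in the article; the single-pass-of-zeros baseline from the opening section is included for comparison.

```python
import secrets
from typing import Callable, Dict, List

RandomByte = Callable[[], int]


# Constructed stand-in for a storage medium: a bytearray plus a set of offsets
# the overwrite cannot reach (simulates failed sectors or hidden SSD areas).
class Drive:
    def __init__(self, initial: bytes, unreachable=()):
        self.data = bytearray(initial)
        self.unreachable = frozenset(unreachable)

    def write_all(self, value: int) -> List[int]:
        """Overwrite every addressable byte with `value`; return offsets that failed."""
        failed = []
        for off in range(len(self.data)):
            if off in self.unreachable:
                failed.append(off)
            else:
                self.data[off] = value
        return failed

    def verify_all(self, value: int) -> List[int]:
        """Read the medium back; return offsets that do not hold `value`."""
        return [off for off, b in enumerate(self.data) if b != value]


def secure_random_byte() -> int:
    return secrets.randbelow(256)


def short_wipe_patterns(rng: RandomByte = secure_random_byte, char: int = 0x00) -> List[int]:
    """DoD 5220.22-M (E): a character, its complement, then a random character."""
    char &= 0xFF
    return [char, char ^ 0xFF, rng()]


def long_wipe_patterns(rng: RandomByte = secure_random_byte, char: int = 0x00) -> List[int]:
    """DoD 5220.22-M ECE: E, then the extra C pass, then E again (seven passes).

    Assumption: the C pass is modelled here as one random-character overwrite.
    """
    return short_wipe_patterns(rng, char) + [rng()] + short_wipe_patterns(rng, char)


def single_zero_pass() -> List[int]:
    """Simplest baseline from the article: one pass of all zeros."""
    return [0x00]


def overwrite_and_verify(drive: Drive, patterns: List[int]) -> Dict:
    """Run each overwrite pass in order, then verify the final pass across the medium.

    Write failures are tracked per pass because read-back verification alone can
    miss an unreachable sector whose old content happens to equal the final pattern.
    """
    write_failures: Dict[int, List[int]] = {}
    for number, pattern in enumerate(patterns, start=1):
        failed = drive.write_all(pattern)
        if failed:
            write_failures[number] = failed
    mismatched = drive.verify_all(patterns[-1])
    return {
        "passes": patterns,
        "write_failures": write_failures,
        "verify_mismatch": mismatched,
        "sanitized": not write_failures and not mismatched,
    }


if __name__ == "__main__":
    healthy = Drive(bytes(range(32)))  # constructed sample content
    print(overwrite_and_verify(healthy, short_wipe_patterns()))
    damaged = Drive(bytes(range(32)), unreachable={5, 17})
    print(overwrite_and_verify(damaged, long_wipe_patterns()))
```

The report returned by overwrite_and_verify separates write failures from read-back mismatches on purpose: a sector the software never reached is reported as unsanitized even when its stale content coincidentally matches the final pattern, which is the kind of blind spot that makes software-only wiping unsuitable for failed or partially inaccessible media.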

What does the DoD recommend for wiping drives today?

It’s been more than twenty years since that last 2001 DoD memo. Furthermore, the DoD NISPOM policy hasn’t specified an overwriting pattern for erasing hard drives since at least 2006.

In the most recent update, which occurred in 2021, the NISP Operating Manual became effective as a federal rule. Referred to as the “NISPOM rule,” it replaces the NISPOM previously issued as a DOD policy and, again, never specifies a method of data sanitization. 

Instead, it refers contractors to other government organizations (Cognizant Security Agencies, or CSAs). See § 117.18, Information system security.

Even so, the three-pass method is still standard practice for many public and private sector organizations.

How do federal and private sector organizations now use the DoD 5220.22-M method?

Despite the absence of a current data erasure specification, the older three-pass DoD 5220.22-M sanitization method is still embedded in many public and private sector enterprise data disposal policies.

It’s one of the most common sanitization methods used in data destruction software, and is often perceived as an industry standard in the U.S.

Most data sanitization software, including Blancco Drive Eraser, supports multiple data sanitization methods, including both DoD 5220.22-M three-pass and seven-pass methods.

However, in most cases, this DoD technique is now less effective, more resource demanding, and less economical than more modern standards. Because of that, the DoD 5220.22-M overwriting method has fallen out of recommended practice—even at many federal agencies.

Yet because even historical Department of Defense standards are held in high esteem and carry great credibility, organizations’ internal policies and information security teams may still require it. It’s common for IT asset managers or data protection leaders to seek out “military-grade” erasure methods or ask for “the DoD wipe” when looking for the utmost in secure and trusted data deletion. Consumers and small businesses may even search for free “DoD wipe” software.

But making sure that sensitive data is removed completely and permanently can be critical, so it’s important to know what the best wiping standard is when disposing of drives and devices.

Is the DoD wiping standard still the best data wiping standard for enterprise IT?

Today, DoD 5220.22-M is readily available as a data wiping option, but it has been superseded by other data sanitization standards such as Special Publication 800-88, “Media Sanitization Guidelines,” from the National Institute of Standards and Technology (NIST) and the IEEE Standard for Sanitizing Storage (IEEE 2883) from the Institute of Electrical and Electronics Engineers.

NIST SP 800-88 lays out guidance for sanitizing data from various forms of media, not just HDDs. It addresses flash-based drives, mobile phones, and more, introducing methods to achieve NIST 800-88 Clear and NIST 800-88 Purge levels of sanitization. IEEE 2883 takes sanitization even further, working closely with ISO/IEC 27040:2024 to address the most modern drives, such as NVMe devices.

Today's organizations use both HDDs and SSDs. Enterprise data sanitization requires more than a DoD wipe: Take a look at modern best practices.

DoD method quick facts

There are several reasons the DoD method is now considered outdated, some of which may influence you to consider using a different data wiping standard for complete data erasure:

In the IT asset disposition (ITAD) space, operators and customers often cite a “DoD certification,” but the reality is that no such certification exists.

Instead, the U.S. Department of Defense adheres to NIST 800-88. However, even this is a guideline, not a certification (to understand the importance of both data erasure certifications and third-party validations, see “Why are Data Erasure Certifications & 3rd Party Validations So Important?”). And, as previously mentioned, most government and other regulations and certification programs now cite NIST SP 800-88 media erasure guidelines—not DoD 5220.22-M.

A focus on NIST Media Sanitization Guidelines

In the past few years, NIST Special Publication 800-88 has become the go-to data erasure standard in the United States. Originally issued in 2006 and revised in December 2014, this publication addresses flash-based storage and mobile devices, which weren’t considered under the DoD process. NIST 800-88 outlines the preferred methodologies for data sanitization for hard drives, peripherals, magnetic and optical storage and other storage media under its “Minimum Sanitization Recommendations” in Appendix A. These methods include overwriting and Secure Erase, a command built into the drive’s own firmware.

Our article, “What is NIST 800-88, and What Does “Media Sanitization” Really Mean?” goes into greater detail, but essentially, NIST describes three methods that can help ensure that data is not unintentionally accessed: Clear, Purge, and Destroy.

The NIST Special Publication 800-88 was published with the intent to provide guidelines for sanitizing electronic media, and the table, “Media Sanitization Decision Matrix” in Appendix A can be very helpful to enterprises and others weighing different options for data destruction.

NIST SP 800-88 Rev. 1 does not, however, provide standards, requirements, or specifications. As of August 2022, this gap is being filled by an even newer standard, IEEE 2883, or, IEEE Standard for Sanitizing Storage. Adoption is in the early stages.

Learn about the latest global sanitization standard for modern technologies: New IEEE Data Erasure Standard Fills Technology Gap

What does it mean to erase to the DoD standard?

We’ve already noted that the current version of the NISPOM (formerly issued as DoD 5220.22-M) no longer specifies a method for secure erasure, which means it cannot be considered a formal standard.

The guidance indicates that the responsibility for defining instructions on clearing, sanitization, and the release of information system (IS) media falls to the accrediting Cognizant Security Authorities (CSAs). These CSAs include the Department of Defense, Department of Energy, Nuclear Regulatory Commission, Office of the Director of National Intelligence, and Department of Homeland Security.

When vendors state that their solutions meet the DoD 5220.22-M “standard,” it typically means that their software will write to all addressable hard drive locations with a character, its complement and a random character. It must also then be followed by verification. The procedure is designed to prevent data from being recovered by any commercially available process.

It’s important to note that the U.S. National Security Agency (NSA Advisory LAA-006-2004) stated in fall 2004 that a single overwrite pass using the DoD process is sufficient to achieve data sanitization. However, disk wiping software cannot sanitize hard drives that have physically failed or internal hard drives that are disconnected. Such software is also limited in reaching data in hidden sectors on solid state drives.

Physical destruction vs. data erasure

If your drives are no longer required, another method to achieve data sanitization is physical destruction through melting, crushing, incineration or shredding.

Physical destruction is not ideal if you want to reuse your drives, as they’ll be completely destroyed, but even this method isn’t necessarily absolute. If any disk pieces remain large enough after destruction (especially on SSDs), they can still contain recoverable information. Data can also be vulnerable during the storage and transport phases—after decommissioning, but before destruction has taken place. Data erasure software, however, can be executed at the point of decommissioning, eliminating the risk of data breach when assets are retired. The process also verifies that no data is left behind, providing certifiable proof that devices may be safely reused.

Whichever method you choose, whether it be physical destruction or data erasure software or both, your organization must first have policies in place to govern drive disposal and data sanitization for other IT assets, including servers, laptops and removable media. These policies should include training for employees so that they can take proven steps to keep data out of harm’s way.

For the highest security environments, organizations can combine software-based data erasure with physical destruction. That way, there’s absolutely no chance the data can be recovered from devices in transition, or from any fragments, because data has been removed completely at the earliest possible stages.

Which data destruction method is right for you?

The DoD method is no longer considered best practice but may still be effective in certain scenarios and could be required by specific organizational policies or regulations. Most organizations now rely on NIST 800-88 sanitization methods to securely erase data and prevent unauthorized access to storage devices.

While NIST 800-88 remains widely used, many organizations are transitioning to IEEE 2883 as it offers enhanced capabilities for addressing the challenges of high-density drives. This shift reflects the need for more advanced standards that align with the increasing complexity of modern storage technologies.

Are you curious about how IEEE 2883 can help your organization meet the demands of modern storage technologies? View our comprehensive resource.

Ensure complete, permanent media sanitization

Blancco data erasure solutions support leading data sanitization methods, including DoD 5220.22-M, NIST 800-88 Clear or Purge, and IEEE 2883, while holding more global certifications than any other software. Blancco ensures secure, compliant data erasure for virtually any government or enterprise storage device, leaving no data behind on hard disk drives or solid-state drives. 

See our supported standards for data sanitization.

Whether you rely on NIST 800-88 Clear or Purge, IEEE 2883, DoD 5220.22-M, or another leading data sanitization method, Blancco provides the most certified solution for secure and compliant data erasure across virtually any data storage device. 

This resource is regularly reviewed to reflect regulatory changes and was most recently updated on December 27, 2024, to include the latest information on data sanitization standards.