DoD, NIST, or IEEE? Choosing the Most Secure Option from Modern Data Sanitization Standards

With data usage expected to reach 221 zettabytes by 2026 and breach costs averaging $4.88 million, minimizing your attack surface by securely erasing outdated drives and devices is more important than ever. Choosing the right data erasure standard is crucial for securing end-of-life business data and maintaining compliance with applicable data privacy laws.

Unfortunately, one of the most commonly accepted data sanitization standards, the U.S. Department of Defense (DoD) 5220.22-M data erasure standard, is likely insufficient for most modern enterprise needs. It isn’t recommended for modern asset sanitization, despite general industry recognition.

Instead, most organizations are turning to the National Institute of Standards and Technology (NIST) Special Publication 800-88 “Media Sanitization Guidelines,” updated in 2014. NIST 800-88 addresses most basic devices and drives but may not be as effective for complex storage devices such as SATA, SCSI, and NVMe drives.

To address advanced storage needs, the Institute of Electrical and Electronics Engineers introduced the IEEE 2883 standard in 2022, complemented by the ISO 27040 standard published in January 2024. Together, these provide comprehensive guidelines for data sanitization on modern storage technologies.

The table below shows key differences between the DoD, NIST, and IEEE data sanitization standards.

To learn more about modern sanitization standards, download the best practice.

You may be interested in:

Copenhagen said the quiet part out loud.

Efficient, Secure, Scalable: 3 Ways Blancco Drive Eraser Streamlines IT Asset Lifecycle Management

The Mac Effect

The Real Conversations from Retech Days Europe 2026