DoD, NIST, or IEEE? Choosing the Most Secure Option from Modern Data Sanitization Standards

With data usage expected to reach 221 zettabytes by 2026 and breach costs averaging $4.88 million, minimizing your attack surface by securely erasing outdated drives and devices is more important than ever. Choosing the right data erasure standard is crucial for securing end-of-life business data and maintaining compliance with applicable data privacy laws.

Unfortunately, one of the most commonly accepted data sanitization standards, the U.S. Department of Defense (DoD) 5220.22-M data erasure standard, is likely insufficient for most modern enterprise needs. It isn’t recommended for modern asset sanitization, despite general industry recognition.

Instead, most organizations are turning to the National Institute of Standards and Technology (NIST) Special Publication 800-88 “Media Sanitization Guidelines,” updated in 2014. NIST 800-88 addresses most basic devices and drives but doesn’t work for complex storage devices like SATA, SCSI, and NVME drives.

To address advanced storage needs, the Institute of Electrical and Electronics Engineers introduced the IEEE 2883 standard in 2022, complemented by the ISO 27040 standard published in January 2024. Together, these provide comprehensive guidelines for data sanitization on modern storage technologies.

The table below shows key differences between the DoD, NIST, and IEEE data sanitization standards.

DOD 5220.22-M OR
DOD 5220.22-M ECE
NIST 800-88, REV. 1IEEE 2883-2022
NUMBER OF OVERWRITING PASSES3 or 70-10-1
NUMBER OF FIRMWARE-BASED ERASURE PASSES00-10-2
STANDARD LAST UPDATEDFeb 2006Dec 2014Aug 2022
CREATED FORU.S. government (specifically, Department of Defense)Primarily U.S. government but open to all organizationsAll organizations globally
VERIFIABLY SECURE METHOD OF ERASUREYes (HDDs only)YesYes
OUTLINES TECHNOLOGY-SPECIFIC DATA ERASURE METHODSNoYesYes
DETAILED GUIDANCE ON SANITIZING SATA, SCSI, AND NVME DRIVESNoNoYes

To learn more about modern sanitization standards, download the best practice.