BitRaser >
Article >
Use Of The DoD 5220.22-M Standard For Drive Erasure

BITRASER^®

Use Of The DoD 5220.22-M Standard For Drive Erasure

Written By

Sanjeev Yadav linkdin

Updated on

Aug 08, 2024

Min Reading

3 Min

Summary: The DoD 5220.22-M standard is a three-pass method that overwrites data with a series of zeros, ones, and random characters to ensure that the original data cannot be recovered by any means. Although this has been the most sought-after data sanitization standard for a while, evolution in media technology has led to more advanced and comprehensive standards like NIST SP 800-88. BitRaser meets the requirements of both of these standards to permanently erase data from HDDs and SSDs before they can be donated, sold, repurposed, disposed of, or recycled. To know more about DoD 5220.22-M, its use, and its benefits, read the article below.

There are numerous standards defined over the past several decades to govern data wiping and other data destruction techniques for safe and compliant media sanitization practices. For data erasure, these standards determine the overwriting patterns and passes set by government agencies and private institutions across the world.

The DoD 5220.22 standard was published by the U.S. Department of Defense (DoD) in the National Industrial Security Program Operating Manual (also known as NISPOM or Department of Defense document #5220.22-M). The DoD standard was developed in 1995 for high-security institutions like the Pentagon, etc. At the time of its launch, the standard had set a benchmark for data wiping and hardware disposal with its DoD Information Assurance Certification and Accreditation Process (DIACAP).

This article provides insight into the U.S. Department of Defense (DoD) 5220.22-M standard for drive erasure. It also deep dives into the steps involved in the US DoD data wipe standard for sanitizing media, memory, and drives in equipment. Further, it provides guidance regarding sanitization (data destruction) and disposition of the most common media used (e.g., hard drives) and equipment used for classified processing. The Clearing and sanitization matrix is explained as per the NISPOM manual.

What is the DoD 5220.22-M Standard?

DoD 5220.22-M Standard is a widely recognized method for data sanitization used by organizations, including government agencies worldwide, for performing drive erasure. In the media sanitization circles, it is known as the US DoD data wipe standard. The standard involves overwriting the previously stored information on a hard drive with specific binary patterns repeatedly (3 times or 7 times) depending upon the number of passes defined in the organization’s policy.

The following passes constitute the US DoD data wipe standard:
Pass 1: All addressable locations are overwritten with binary zeroes
Pass 2: All addressable locations are overwritten with binary ones
Pass 3: All addressable locations are overwritten with a random bit pattern

The final overwrite pass is then verified.

In 2001, DoD published the DoD 5220.22-M ECE method, a 7-pass version of the original standard. It runs DoD 5220.22-M twice and an extra pass (DoD 5220.22-M (C) Standard) in between.

Pass 1: All addressable locations are overwritten with binary zeroes
Pass 2: All addressable locations are overwritten with binary ones (the compliment of the above)
Pass 3: All addressable locations are overwritten with a random bit pattern
Pass 4: All addressable locations are overwritten with binary zeroes
Pass 5: All addressable locations are overwritten with binary zeroes
Pass 6: All addressable locations are overwritten with binary ones (the compliment of the above)
Pass 7: All addressable locations are overwritten with a random bit pattern
Verify the final overwrite pass.

Despite the upgrades, the three-pass method is still the standard implementation for DoD-level data wiping. However, the NISPOM official manual, ‘Page 122,’ requires organizations to follow NIST SP 800-88 Rev 1 Guidelines for Media Sanitization when making practical sanitization decisions based on the level of confidentiality of information (especially for SSDs, hybrid drives, etc.).

Why Use the DoD 5220.22-M Standard?

The DoD 5220.22-M data wipe algorithm is widely recognized as a leading method for data destruction, maintaining its status as an industry standard for hard drive erasure in the U.S. The DoD 5220.22-M data wipe standard performs verification at the end of each pass. This ensures that the data is duly overwritten. In addition to zeroes and ones, DoD 5220.22-M uses random characters to overwrite the storage locations on a hard drive. The inclusion of random characters reduces the probability of data recovery. However, for high-capacity hard drives or large inventories of storage drives, this method is more time-consuming than NIST Clear or NIST Purge methods. Additionally, a 3-pass wipe using the DoD standard can shorten the lifespan of SSDs compared to the one-pass wipe prescribed by NIST Clear.

According to the Defense Security Service (DSS) Assessment and Authorization Process Manual (DAAPM) Version 1.3, released on June 4, 2018, the Media Sanitization Matrix below outlines appropriate methods to be used for Destroying Media as per the media type. The table below shows the approved method for sanitizing different media types.

Further, the NISPOM Operating Manual (Incorporating Change 2, May 18, 2016) specifies in Section 3, Security Controls, 8-302(g(3)) Media Protection: “Sanitize or destroy ISs media before disposal or release for reuse in accordance with procedures established by the CSA.”

Clearing and Sanitization Matrix

Media	Clear	Sanitize	Order
Magnetic Tape
Type I	Degauss	Degauss	-
Type II	Degauss	Degauss	-
Type III	Degauss	Degauss	-
Magnetic Disk
Bernoulli	Degauss or Overwrite	Degauss	-
Floppy	Degauss or Overwrite	Degauss	-
Non-Removable Rigid Disk	Overwrite or Degauss	Pattern Overwrite	-
Removable Rigid Disk	Degauss or Overwrite	Pattern Overwrite	-
Optical Disk
Read Many, Write Many	Pattern Overwrite	-	-
Read Only	-	Destroy if classified information is present	-
Write Once, Read Many (WORM)	-	Destroy if classified information is present	-
Memory
DRAM	Overwrite or Remove Power	Overwrite or Remove Power	-
EAPROM	Chip Erase	Chip Overwrite	-
EEAPROM	Chip Erase	Random Overwrite	-
EPROM	UV Erase	Triple UV Erase and Overwrite	Triple UV Erase followed by Overwrite
FEPROM	Chip Erase	Chip Erase and Overwrite	Chip Erase followed by Overwrite
PROM	Overwrite	-	-
Magnetic Bubble Memory	Overwrite or Degauss	Overwrite	-
Magnetic Core Memory	Overwrite or Degauss	Pattern Overwrite	-
Magnetic Plated Wire	Overwrite	Overwrite and Long Overwrite	Overwrite and Long Overwrite
Magnetic Resistive Memory	Overwrite	-	-
NOVRAM	Overwrite	Overwrite	-
ROM	-	Destroy	-
SDRAM	Overwrite or Remove Power	Overwrite or Remove Power	-
SRAM	Overwrite or Remove Power	Overwrite or Remove Power	-
Other Media
Video Tape	-	Destroy	-
Film	-	Destroy	-
Equipment
Monitor	Remove Power	Screen Destroy	-
Impact Printer	Remove Power	Destroy Ribbons	Destroy Ribbons then Remove Power
Laser Printer	Remove Power	Run Page	Run Page then Remove Power

Destruction of the media is an approved Sanitize method for all media types mentioned below, except for Equipment (Monitor, Impact Printer & Laser Printer). Destruction is only mentioned specifically where it is the sole method of 'Sanitize'. The Order column is only applicable when a combination of two procedures is required to sanitize the media.

Note: We have abbreviated the sanitization methods for your easy understanding. Their actual meaning is given below per DAAPM Version 1.3.

Degauss: Degauss media using a Type I, II, or III degausser.
Overwrite: Overwrite each addressable location with a single character using an approved overwrite utility.
Pattern Overwrite: It is for spills only, first overwrite with a pattern, followed by its complement, and then with another unclassified pattern. However, sanitization is considered to be complete only when three cycles are done. Verification of the sample is necessary. If during verification any part of the disk is found to be un-writable or inaccessible, then destroy or degauss the disk.
Remove Power: Remove the power source, including any connected batteries.
Chip Erase: Perform a full chip erase as per the manufacturer's instructions.
UV Erase: Perform an ultraviolet erase as per the manufacturer's recommendation.
Chip Overwrite: Perform Chip Erase, then perform Overwrite a total of three times.
Random Overwrite: Overwrite all locations first with a random pattern, followed by binary zeros, and then with binary ones using an approved overwrite utility.
Triple UV Erase: Perform an ultraviolet erase as per the manufacturer's recommendation, increasing time by a factor of three.
Long Overwrite: Each overwrite must reside in memory longer than the time classified data resided in it.
Destroy Ribbons: Ribbons have to be destroyed, and Platens have to be cleaned.
Screen Destroy: Inspect and test the screen surface for evidence of burn-in information. If the information is present, then the screen must be destroyed.
Run Page: Run 1 page (font test acceptable) when the print cycle is not completed (e.g., paper jam or power failure). Dispose of output as unclassified if visual examination does not reveal any classified information.

To Wrap Up

DoD 5220.22 data wipe standard still carries a lot of credibility and is held in high esteem as it provides a robust 3-pass erasure that is detailed and efficient. This standard is meaningful for wiping PC, laptop, HDD, SSD, etc. NIST 800-88 is recommended by DoD for wiping classified, confidential information from newer media like NVMe drives, hybrid drives, etc. Many government institutions follow both DoD and NIST standards as components of their drive erasure and data disposition policy to reuse, recycle, and reallocate media and achieve an organization’s sustainability goals.

DoD and NIST-compliant data wipe software tools such as BitRaser Drive Eraser help erase the hard drives, SSDs, PCs, laptops, and Macs as per the DoD and NIST standards. This software generates tamper-proof certificates and reports for audit trails and helps attain regulatory compliance with data privacy laws and regulations like CCPA, SOX, GLBA, FACTA, PCI-DSS, EU-GDPR, etc.

Was this article helpful?

FAQs

What does DoD 5220.22-M mean?

DoD 5220.22-M Standard is a widely recognized method for data sanitization used by organizations, including government agencies worldwide, for performing drive erasure. The standard involves overwriting the previously stored information on a hard drive with specific binary patterns repeatedly (3 times or 7 times).

How many passes is a DoD wipe?

The DoD method is based on overwriting the addressable memory locations in hard disk drives with 'zeroes' and 'ones' as binary patterns. The standard defines the implementation of three secure overwriting passes with verification at the end of the final pass. The DoD 5220.22-M ECE method is a 7-pass version of the original standard. It runs DoD 5220.22-M twice and an extra pass (DoD 5220.22-M (C) Standard) in between.

How secure is the DoD 5220.22-M standard?

The DoD 5220.22-M data wipe standard performs verification at the end of each pass. This ensures that the data is duly overwritten. In addition to zeroes and ones, DoD 5220.22-M uses random characters to overwrite the storage locations on a hard drive. The inclusion of random characters reduces the probability of data recovery.

How long does DoD 5220.22-m take?

Although DoD 5220.22-M is a leading method for data destruction for high-capacity hard drives or large inventories of storage drives, this method is more time-consuming than NIST Clear or NIST Purge methods. Additionally, a 3-pass wipe using the DoD standard can shorten the lifespan of SSDs compared to the one-pass wipe prescribed by NIST Clear.