BitRaser >
Article >
Use Of The DoD 5220.22-M Standard For Drive Erasure

BITRASER^®

Use Of The DoD 5220.22-M Standard For Drive Erasure

Written By

Pravin Mehta linkdin

Updated on

July 10, 2023

Min Reading

3 Min

Summary: The DoD 5220.22-M standard is a three-pass method that overwrites data with a series of zeros, ones, and random characters to ensure that the original data cannot be recovered by any means. BitRaser uses this standard to erase data from different types of storage devices, including hard drives, solid-state drives, and flash drives. This tool can be helpful for businesses that need to ensure that their sensitive data is completely erased from their devices before disposing of them or recycling them.

DoD 5220.22-M Standard for Drive Erasure

There are numerous standards defined over the past several decades to govern data wiping and other data destruction techniques for safe and compliant media sanitization practices. For data erasure, these standards determine the overwriting patterns and passes set by government agencies and private institutions across the world. For E.g., the U.S. Department of Defense (DoD), the U.S. Navy, and the U.S. Air Force have their data erasure standards. Other examples include New Zealand Government's Community security bureau (NZSIT), the British HMG (Her Majesty's Government) Infosec standard, etc.

This article provides insight into the U.S. Department of Defense (DoD) 5220.22-M standard for drive erasure. It also deep dives into the steps involved in the US DoD data wipe standard for wiping hard drives. Finally, it gives you an overview of how to implement the standard for erasing hard drives at an industrial scale using DoD data-wiping software.

What is the DoD 5220.22-M Standard?

DoD 5220.22-M Standard is a widely recognized method for data erasure used by government agencies and organizations worldwide for performing drive erasure. In the media sanitization circles, it is known as the US DoD data wipe standard. The standard involves overwriting the previously stored data on a hard drive with specific binary patterns repeatedly through a specific number of passes.

The DoD method is based on overwriting the addressable memory locations in hard disk drives with 'zeroes' and 'ones' as binary patterns. The standard defines the implementation of three secure overwriting passes with verification at the end of the final pass.

The following passes constitute the US DoD data wipe standard:
Pass 1: All addressable locations are overwritten with binary zeroes
Pass 2: All addressable locations are overwritten with binary ones
Pass 3: All addressable locations are overwritten with a random bit pattern

The final overwrite pass is then verified.

In 2001, DoD published the DoD 5220.22-M ECE method, a 7-pass version of the original standard. It runs DoD 5220.22-M twice and an extra pass (DoD 5220.22-M (C) Standard) in between.

Pass 1: All addressable locations are overwritten with binary zeroes
Pass 2: All addressable locations are overwritten with binary ones (the compliment of the above)
Pass 3: All addressable locations are overwritten with a random bit pattern
Pass 4: All addressable locations are overwritten with binary zeroes
Pass 5: All addressable locations are overwritten with binary zeroes
Pass 6: All addressable locations are overwritten with binary ones (the compliment of the above)
Pass 7: All addressable locations are overwritten with a random bit pattern
Verify the final overwrite pass.

Despite the upgrades, the three-pass method is still the standard implementation for DoD-level data wiping.

Origins of the US Department of Defense (DoD) Data Erasure Algorithm

The Department of Defense (DoD) standard was developed in 1995 for high-security institutions like Pentagon etc. At the time of its launch, the standard had set a benchmark for data wiping and hardware disposal with its DoD Information Assurance Certification and Accreditation Process (DIACAP).

The DoD 5220.22 standard was published by the U.S. Department of Defense (DoD) in the National Industrial Security Program Operating Manual (also known as NISPOM or Department of Defense document #5220.22-M).

Why use the DoD 5220.22-M Standard?

The DoD data wipe algorithm provides one of the most recognized data destruction methods, and it is still perceived as one of the industry standards for hard drive erasure in the U.S. If you have a high-capacity hard drive or there are a lot of storage drives in your inventory, DoD 5220.22-M data wipe method will take less time than other more comprehensive data erasure methods like the Gutmann standard that involves 30 passes.

Further, the DoD 5220.22 M data wipe standard performs verification at the end of each pass. This ensures that the data is duly overwritten. In addition to zeroes and ones, DoD 5220.22 M uses random characters to overwrite the storage locations in a hard drive. The inclusion of random characters reduces the probability of data recovery.

According, to Defense Security Service (DSS) Assessment and Authorization Process Manual (DAAPM) Version 1.3 released on June 4, 2018, the Media Sanitization Matrix outlines appropriate methods to be used for Destroying Media as per the media type. The table below shows the approved method for sanitizing different media types:

Note: Destruction of the media is an approved Sanitize method for all media types mentioned below, except for Equipment (Monitor, Impact Printer & Laser Printer). Destruction is only mentioned specifically where it is the sole method of 'Sanitize'.

The Order column is only applicable when a combination of two procedures is required to sanitize the media.

Clearing and Sanitization Matrix *

Media	Clear	Sanitize	Order
Magnetic Tape
Type I	Degauss	Degauss	-
Type II	Degauss	Degauss	-
Type III	Degauss	Degauss	-
Magnetic Disk
Bernoulli	Degauss or Overwrite	Degauss	-
Floppy	Degauss or Overwrite	Degauss	-
Non-Removable Rigid Disk	Overwrite or Degauss	Pattern Overwrite	-
Removable Rigid Disk	Degauss or Overwrite	Pattern Overwrite	-
Optical Disk
Read Many, Write Many	Pattern Overwrite	-	-
Read Only	-	Destroy if classified information is present	-
Write Once, Read Many (WORM)	-	Destroy if classified information is present	-
Memory
DRAM	Overwrite or Remove Power	Overwrite or Remove Power	-
EAPROM	Chip Erase	Chip Overwrite	-
EEAPROM	Chip Erase	Random Overwrite	-
EPROM	UV Erase	Triple UV Erase and Overwrite	Triple UV Erase followed by Overwrite
FEPROM	Chip Erase	Chip Erase and Overwrite	Chip Erase followed by Overwrite
PROM	Overwrite	-	-
Magnetic Bubble Memory	Overwrite or Degauss	Overwrite	-
Magnetic Core Memory	Overwrite or Degauss	Pattern Overwrite	-
Magnetic Plated Wire	Overwrite	Overwrite and Long Overwrite	Overwrite and Long Overwrite
Magnetic Resistive Memory	Overwrite	-	-
NOVRAM	Overwrite	Overwrite	-
ROM	-	Destroy	-
SDRAM	Overwrite or Remove Power	Overwrite or Remove Power	-
SRAM	Overwrite or Remove Power	Overwrite or Remove Power	-
Other Media
Video Tape	-	Destroy	-
Film	-	Destroy	-
Equipment
Monitor	Remove Power	Screen Destroy	-
Impact Printer	Remove Power	Destroy Ribbons	Destroy Ribbons then Remove Power
Laser Printer	Remove Power	Run Page	Run Page then Remove Power

Note: We have abbreviated the sanitization methods for your easy understanding. Their actual meaning is given below per DAAPM Version 1.3:

Degauss: Degauss media using a Type I, II, or III degausser.
Overwrite: Overwrite each addressable location with a single character using an approved overwrite utility.
Pattern Overwrite: It is for spills only, first overwrite with a pattern, followed by its complement, and then with another unclassified pattern. However, sanitization is considered to be complete only when three cycles are done. Verification of the sample is necessary. If during verification any part of the disk is found to be un-writable or inaccessible, then destroy or degauss the disk.
Remove Power: Remove the power source including any connected batteries.
Chip Erase: Perform a full chip erase as per the manufacturer's instructions.
UV Erase: Perform an ultraviolet erase as per the manufacturer's recommendation.
Chip Overwrite: Perform Chip Erase then perform Overwrite, a total of three times.
Random Overwrite: Overwrite all locations first with a random pattern, followed by binary zeros, and then with binary ones using an approved overwrite utility.
Triple UV Erase: Perform an ultraviolet erase as per the manufacturer's recommendation, increasing time by a factor of three.
Long Overwrite: Each overwrite must reside in memory longer than the time classified data resided in it.
Destroy Ribbons: Ribbons have to be destroyed and Platens have to be cleaned.
Screen Destroy: Inspect and test the screen surface for evidence of burn-in information. If the information is present, then the screen must be destroyed.
Run Page: Run 1 page (font test acceptable) when the print cycle is not completed (e.g., paper jam or power failure). Dispose of output as unclassified if visual examination does not reveal any classified information.

* According to the NISPOM official Manual, 'Page 122,' organizations are advised to refer to the NIST SP 800-88 Rev 1 Guidelines for Media Sanitization when making practical decisions regarding sanitization.

The document specifies, "In addition, NIST Special Publication 800-88, Guidelines for Media Sanitization, dated Sep 2006, can assist organizations and system owners in making practical sanitization decisions based on the level of confidentiality of their information, ensuring cost-effective security management of their IT resources, and mitigate the risk of unauthorized disclosure of information."

How to Implement DoD 5220.22-M Standard?

The information security policy of many federal, state, and private firms requires the implementation of the DoD 5220.22-M standard as part of their data erasure practice. You can implement the DoD 5220.22-M standard with the help of professional DoD data wipe software like BitRaser Drive Eraser that can implement DoD 5220.22-M and other global standards to help government bodies and private organizations attain regulatory compliance.

Limitation of the DoD 5220.22-M Standard

Though the DoD data wiping standard was considered the benchmark standard for data destruction, for many years, it has been succeeded by other latest standards such as NIST SP 800-88. The main reason is the limitations of the DOD 5220.22M data wipe method concerning the erasure of flash memory-based storage. It was not designed to erase chip-based storage e.g. SSD. This is why many government organizations such as the Department of Defense, Nuclear regulatory commission, Department of Energy, Canadian standard association, etc. no longer cite DoD 5220.22 as a standard for secure erasure (or data destruction in the broader sense).

Final Thoughts

DoD 5220.22 data wipe standard still carries a lot of credibility and is held in high esteem as it provides a robust 3-pass erasure that is detailed and efficient. Therefore, many institutions follow the DoD standard as a component of their hard drive erasure and disposition policy.

DoD-compliant data wipe software tools such as BitRaser Drive Eraser helps erase the hard drives as per the DoD standard and generate tamper-proof certificates and reports for audit trails.

FAQs

What does DoD 5220.22-M mean?

DoD 5220.22-M Standard is a widely recognized method for data erasure used by government agencies and organizations worldwide for performing drive erasure.

How many passes is a DoD wipe?

The standard defines the implementation of three secure overwriting passes with verification at the end of the final pass. In 2001, DoD published the DoD 5220.22-M ECE method, a 7-pass version of the original standard. It runs DoD 5220.22-M twice and an extra pass (DoD 5220.22-M (C) Standard) in between.

What is DoD hard drive wipe?

The DoD 5220.22-M algorithm provides one of the most recognized data destruction methods, and it is still perceived as one of the industry standards for hard drive erasure in the U.S.

How long does DoD 5220.22-m take?

DoD 5220.22-M data wipe method will take less time than other more comprehensive data erasure methods like the Gutmann standard that involves 30 passes.

Is DoD 5220.22 m secure ?

The DoD method is highly secure method to wipe media as it is based on overwriting the addressable memory locations in hard disk drives with ‘zeroes’ and ‘ones’ as the binary patterns. The standard defines the implementation of three secure overwriting passes with verification at the end of the final pass.