DoD vs. NIST: Which Is the Best Data Erasure Standard?

Written by Sunil Chandna | Updated on June 30, 2022 | Reading time: 3 min

The article will shed light on why data erasure standards specified by the US Department of Defense (DoD) and the National Institute of Standards and Technology (NIST) are popular and significant. We will discuss their pros & cons, why global bodies prefer one over the other, and summarize which is the best data erasure standard.


At a time when cases of data breach are rising, every organization is required to maintain data security and has a legal obligation to ensure that the sensitive customer information is permanently disposed of when it is no longer in use or when the IT assets reach their end of life. Emerging data protection laws across the globe are reinforcing the right of customers over their sensitive information, and businesses need to adopt robust data protection and data destruction policies to prevent leakage or unauthorized access.

With rapid technological evolution, professional data wiping software has made it possible for businesses to seamlessly wipe their end-of-life data beyond the scope of recovery while leaving the device usable. These wiping programs are based on overwriting technology that overwrites the existing data with 0s and 1s to make it irretrievable. While there are several global erasure standards and algorithms that define the overwriting process, the two most widely used data erasure standards are NIST 800-88 and DoD 3 & 7 Pass. The former is a standard formulated by the National Institute of Standards and Technology (NIST), and the latter was propounded by the US Department of Defense (DoD). The DoD standard was introduced back in 1995, whereas NIST 800-88 is more recent: it was introduced in 2006, revised in 2014, and accounts for technological advancements that the DoD standard does not cover. We will discuss this in detail in the upcoming sections.

What is the DoD Standard for Data Erasure?

In our series of articles, we have already defined the DoD erasure algorithm as DoD 5220.22-M, a standard first published in the National Industrial Security Program Operating Manual (NISPOM) by the US Department of Defense (DoD) in 1995. The erasure method specifies overwriting the hard drive with three overwriting passes and verification at the end of the final pass. DoD 5220.22-M also addresses sanitizing data from other media devices like tapes. You may read our detailed article to know more about US DoD 5220.22-M and the passes that constitute the erasure standard.

The DoD document went through critical updates in 2001, 2004, and 2006. In 2001, the standard was upgraded to the DoD 5220.22-M ECE method, which is popularly known as DoD 7 Pass. The new standard involves two DoD 3 Passes and an extra standard pass with binary zeros in between. After a minor update in 2004 and another in 2006, the DoD operating manual did not specify any recommended overwriting method and delegated the data sanitization decision to government oversight agencies such as the CSA (Cognizant Security Agencies). Interestingly, the latest NISPOM rule, published in 2021, continues to remain silent on any specific erasure standard for data sanitization.

Drawback of the DoD Standard (DoD 5220.22-M / ECE)

After more than a decade as the industry’s most prevalent overwrite pattern, DoD 5220.22-M sanitization started to cause functional issues on flash storage media (SSDs), which have been a preferred choice over hard drives. This standard was not created to address chip-based storage. The evolution of modern hard drives since 1995, the growth of mobile devices, and innovative storage technologies such as flash storage media (SSDs) have raised concerns about the efficacy of the multiple overwriting cycles propounded in the DoD method. The need to overwrite data 3 to 7 times, as documented by the NISP Operating Manual, became obsolete because modern hard drives are highly precise and use evolved writing technologies that eliminate the possibility of data being recovered after one overwriting pass. The DoD erasure standard is, moreover, resource-intensive, costly, and less effective than modern erasure standards like NIST 800-88, which has emerged and replaced DoD 3 & 7 Pass as an effective alternative.

Truth Behind DoD Failure on SSD Drives

DoD 5220.22-M is neither effective nor recommended for wiping SSDs based on flash storage, primarily because SSDs rely on an embedded processor & flash memory chips and not on magnetic strips. Flash storage allows data to be written to and erased from a given location only a fixed number of times in its lifecycle, and overwriting an SSD for 3 or 7 cycles (as per the DoD standard) can exhaust the overall lifespan of the SSD. This is the reason why most government organizations, including the Department of Defense, Nuclear Regulatory Commission (NRC), Department of Energy, Canadian standard association, and the like, no longer mention DoD 5220.22-M as a secure erasure method for media sanitization.

Technological Advances Lead to Focus on NIST 800-88

The NIST 800-88 data erasure standard, formulated by the National Institute of Standards and Technology in 2006, has emerged as the most sought-after and widely used data sanitization standard today. Government agencies, regulatory bodies, and certifying authorities now prefer NIST 800-88 for media sanitization over DoD 5220.22-M for the following reasons:

  • The NIST 800-88 standard applies to a wide range of storage devices like mobile devices, hard drives, SSDs, etc., unlike DoD 5220.22-M. It is a more recent and relevant standard.
  • With technology advancements, one overwrite pass is sufficient and desirable (in the case of SSDs). This helps reduce data sanitization time along with cost and resources.
  • NIST guidelines for media sanitization are comprehensive and offer detailed guidance, based on media type, for wiping, degaussing, and physical destruction, unlike the US DoD standard.
  • Global payment card standards like PCI DSS, and International Standardization Organization’s ISO 27040, also recommend media sanitization techniques as laid out by the NIST 800-88 data erasure methods.

NIST 800-88: An Insight

NIST Special Publication 800-88 was originally issued in 2006 and revised in December 2014 as NIST Special Publication 800-88, Revision 1: Guidelines for Media Sanitization. Appendix A of the NIST guideline specifies data sanitization for modern hard drives, evolving interfaces, magnetic & opal storage, and other storage devices. Apart from overwriting, the guideline outlines the ‘Secure Erase Unit command’ that is built into the hard drive and performs instantaneous wiping. The revised guidelines state that “For storage devices containing magnetic media, a single overwrite pass with a fixed pattern such as binary zeros typically hinders recovery of data even if state of the art laboratory techniques are applied to attempt to retrieve the data.” The Media Sanitization Decision Matrix in Appendix A is very helpful for organizations looking for suitable methods of data destruction. NIST 800-88 specifies Clear, Purge, and Destroy as secure methods of media sanitization. You may also like to read a detailed explanation of the NIST 800-88 erasure standard in our article.

While NIST 800-88 seems to be an exhaustive standard, it does not define roles and responsibilities within organizations for data sanitization.

NIST vs. DoD Data Erasure Standards: A Quick Comparison

The DoD vs. NIST table below highlights the major differences between the two most widely used standards of data erasure.

| Parameters | DoD Standard | NIST Standard |
| --- | --- | --- |
| First appearance | 1995 | 2006 |
| Latest Update | February 2006 | December 2014 |
| Data Erasure Methods | 3 to 7 Passes for overwriting | Clear, Purge, and Destroy |
| Efficiency | Less Effective and inefficient for SSDs | Effective for vast storage types |
| Verifiable Erasure | Yes (Only Hard Drives) | Yes (verification and certification both) |
| Cost involved | Higher as 3 to 7 passes are needed | Lower as 1 write pass is enough |

Which Data Erasure Standard is the Best for You?

As noted above, the latest version of the NISPOM (DoD 5220.22-M) rule also does not mention DoD 3 & 7 Pass as a recommended data erasure method. Evolving hard drive technology and the widespread use of flash-based drives such as SSDs have led organizations to move away from DoD 5220.22-M and toward NIST 800-88 for wiping their data. However, DoD still remains relevant for some organizations due to their information security policy and other regulations for wiping hard drives. With the revised NIST guidelines of 2014, the fear of data recovery after one overwriting cycle has been put to rest. NIST clearly suggests that one write pass is sufficient for irretrievable data sanitization. Global government organizations such as NCSC (National Cyber Security Centre), BSI (German Federal Office for Information Security), NIST, and the like advocate 1 write pass as the safe method for overwriting, when followed by verification of the overwrite, ensuring that every addressable storage location has been overwritten.
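The single write pass followed by verification described above, as an added example (not BitRaser's code and not part of the original article): it overwrites a target with one fixed pattern, then reads every byte back and reports the first offset that does not match. The function names and the constructed image file are assumptions for illustration; the code works on an ordinary file standing in for a drive, and, like any overwrite through standard read and write commands, it only reaches user-addressable locations.

```python
import os
import tempfile

CHUNK = 1 << 20  # work in 1 MiB blocks

def overwrite_pass(path, pattern=b"\x00"):
    """Overwrite every byte of `path` in place with a one-byte fixed pattern."""
    size = os.path.getsize(path)
    block = pattern * CHUNK
    with open(path, "r+b") as f:
        remaining = size
        while remaining:
            n = min(CHUNK, remaining)
            f.write(block[:n])
            remaining -= n
        f.flush()
        os.fsync(f.fileno())  # push the pass to storage before verifying
    return size

def verify_pass(path, pattern=b"\x00"):
    """Read the target back; return the first offset != pattern, or None."""
    expected = pattern * CHUNK
    offset = 0
    with open(path, "rb") as f:
        while True:
            data = f.read(CHUNK)
            if not data:
                return None  # reached the end without a mismatch
            if data != expected[:len(data)]:
                bad = next(i for i, b in enumerate(data) if b != pattern[0])
                return offset + bad
            offset += len(data)

def clear_and_verify(path, pattern=b"\x00"):
    """One overwrite pass plus full read-back verification, as a report dict."""
    size = overwrite_pass(path, pattern)
    first_bad = verify_pass(path, pattern)
    return {"bytes": size, "passes": 1,
            "verified": first_bad is None, "first_mismatch": first_bad}

def make_sample_image(size=3 * CHUNK + 123):
    """Constructed stand-in for a drive: a temp file filled with random bytes."""
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        f.write(os.urandom(size))
    return path

if __name__ == "__main__":
    img = make_sample_image()
    try:
        print(clear_and_verify(img))
    finally:
        os.remove(img)
```

On a real device the read-back should bypass the operating system's page cache; otherwise the verification step can be answered from memory rather than from the media.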

BitRaser Data Eraser: NIST & DoD Compliant Solution

Whether you prefer to use DoD, NIST, or any other data erasure standards, BitRaser Data Eraser solutions for drive and mobile help meet your requirements for data erasure using 24 global erasure standards. Our data wiping solutions ensure that no data remains behind on HDDs, SSDs, and mobile devices. Our software is tested and approved by global bodies like NIST, DHS, ADISA, NYCE, etc. The tool generates certificates & reports of wiping that act as audit trails for enterprises & governments, helping them comply with global data protection laws and regulations.

FAQs

What is the DoD standard for wiping hard drives?
The DoD standard for wiping hard drives is a data erasure method that involves overwriting all the addressable locations on a hard drive as per the steps specified in the DoD 5220.22-M algorithm. Professional data erasure software like BitRaser Drive Eraser uses the DoD 5220.22-M standard to wipe hard drives and SSDs.

What is the NIST 800-88 standard?
NIST 800-88 is a data erasure standard formulated by the National Institute of Standards and Technology in 2006 and revised in 2014 as NIST Special Publication 800-88, Revision 1: Guidelines for Media Sanitization. It specifies Clear, Purge & Destroy as secure methods of data sanitization.

What is NIST Clear?
The NIST Clear method specifies the use of software/hardware to overwrite the data with standard read and write commands in all user-addressable storage locations using logical techniques.

Can you wipe SSDs using DoD 5220.22-M & NIST 800-88?
NIST 800-88 advocates using Clear and Purge techniques to securely perform data wiping on SSDs. DoD 5220.22-M, on the other hand, is neither effective nor recommended for wiping SSDs based on flash storage, primarily because SSDs rely on embedded processors & flash memory chips, unlike hard drives that rely on magnetic strips.

Which is the preferred standard for wiping hard drives and SSDs?
Both DoD 5220.22-M and NIST 800-88 can be used to wipe hard drives beyond recovery. However, NIST 800-88 with one overwrite pass is widely preferred for both SSDs and hard drives.

24 Internationally Recognized Erasure Standards
NIST Clear
NIST-ATA Purge
US Department of Defense, DoD 5220.22-M (3 passes)
US Department of Defense, DoD 5220.22-M (ECE) (7 passes)
US Department of Defense, DoD 5200.28-STD (7 passes)
Russian Standard – GOST-R-50739-95 (2 passes)
B.Schneier’s algorithm (7 passes)
German Standard VSITR (7 passes)
Peter Gutmann (35 passes)
US Army AR 380-19 (3 passes)
North Atlantic Treaty Organization-NATO Standard (7 passes)
US Air Force AFSSI 5020 (3 passes)
Pfitzner algorithm (33 passes)
Canadian RCMP TSSIT OPS-II (4 passes)
British HMG IS5 (3 passes)
Zeroes
Pseudo-random
Pseudo-random & Zeroes (2 passes)
Random Random Zero (6 passes)
British HMG IS5 Baseline standard 
NAVSO P-5239-26 (3 passes) 
NCSG-TG-025 (3 passes)  
5 Customized Algorithms & more