Want to safely remove data and ensure that it cannot be recovered? One of the sanitization methods widely used for this purpose is the DoD 5220.22-M standard. Today we will dive into the details of this approach, explain its advantages and disadvantages, and help you implement it in your work.
What is DoD 5220.22-M?
DoD 5220.22-M (or the DoD standard) is one of the longest-standing and most frequently used data erasure specifications. Initially presented by the U.S. Department of Defense (DoD) in 1995, it provides a comprehensive description of the data sanitization process. Rather than simply erasing information, this method involves overwriting it with patterns of ones and zeros.
Let’s explore this in detail.
What Is the DoD 5220.22-M Wiping Standard?
There are two versions of the standard: the short one and the extended one. Here is a brief explanation of both:
The DoD Short Wipe Method
Originally DoD 5220.22-M contained 3 steps and was called the 3-pass (or short data wipe) method. It consists of the following passes:
- Pass 1. Overwrite every addressable location on the storage device with binary zeroes.
- Pass 2. Overwrite every addressable location with binary ones.
- Pass 3. Overwrite every addressable location with a random bit pattern.
After each step, the process should be verified to ensure that the previous pass was completed successfully.
The DoD Long Wipe Method
In 2001, the standard was updated and turned into a 7-pass (or long wipe) method. Although it sounds way more complex, the extended form is just a variation of the short one and includes the following passes:
- Pass 1. Overwrite every addressable location with binary zeroes.
- Pass 2. Overwrite every addressable location with binary ones.
- Pass 3. Overwrite every addressable location with a random bit pattern.
- Pass 4. Overwrite every addressable location with binary zeroes.
- Pass 5. Overwrite every addressable location with binary zeroes.
- Pass 6. Overwrite every addressable location with binary ones.
- Pass 7. Overwrite every addressable location with a random bit pattern.
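The two pass schedules above, with the verification after each pass, as an added example (not code from this article or from any erasure product). The names wipe, SHORT_WIPE and LONG_WIPE and the SHA-256 read-back check are choices made for this example, and the target is assumed to be a file or disk image path.

```python
import hashlib
import os

CHUNK = 1 << 20  # process the target in 1 MiB blocks

# Pass schedules as listed above; None stands for a random bit pattern.
SHORT_WIPE = [0x00, 0xFF, None]
LONG_WIPE = [0x00, 0xFF, None, 0x00, 0x00, 0xFF, None]


def _overwrite(f, size, fill):
    """Overwrite bytes 0..size and return the SHA-256 of the data written."""
    digest = hashlib.sha256()
    f.seek(0)
    for offset in range(0, size, CHUNK):
        n = min(CHUNK, size - offset)
        block = os.urandom(n) if fill is None else bytes([fill]) * n
        f.write(block)
        digest.update(block)
    f.flush()
    os.fsync(f.fileno())  # flush the pass to the device before reading back
    return digest.digest()


def _read_back(f, size):
    """Return the SHA-256 of the target's current contents."""
    digest = hashlib.sha256()
    f.seek(0)
    for offset in range(0, size, CHUNK):
        digest.update(f.read(min(CHUNK, size - offset)))
    return digest.digest()


def wipe(path, schedule=SHORT_WIPE):
    """Run every pass in `schedule` over `path`, verifying after each one.

    Returns the number of verified passes; raises OSError on a mismatch.
    """
    with open(path, "r+b") as f:
        size = f.seek(0, os.SEEK_END)  # also works for block devices
        for number, fill in enumerate(schedule, start=1):
            written = _overwrite(f, size, fill)
            if _read_back(f, size) != written:
                raise OSError(f"pass {number} failed verification")
    return len(schedule)
```

The read-back here can be served from the operating system's cache, so it confirms that each pass was written through the file interface, not that every physical sector changed. Overwriting a file in place also leaves copies the filesystem keeps elsewhere untouched.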
Why Should All of Us Use the DoD 5220.22-M Wiping Standard?
If you have doubts whether or not to use the DoD 5220.22-M wiping standard, consider the following points before making a decision:
- This method takes less time to run than other, more advanced solutions. For example, the Gutmann method, which was presented in 1996, includes up to 35 passes, each of which consists not only of ones or zeroes but of different patterns. Due to its simplicity and reliability, DoD 5220.22-M has become a gold standard for the whole industry.
- Multiple verifications, which are an initial part of the process, ensure that the erasure is completed successfully. It is equally important to prevent the data from being recovered. The last pass of the DoD standard is specifically aimed at this: after storage locations are overwritten with random bit patterns, it is almost impossible to restore the previous version.
- As a follow-up to the first point, this global standard is widely used by all industry players, including government organizations. Therefore, applying the DoD 5220.22-M method is often required when you collaborate with them.
However, many companies and government organizations, including the Department of Defense, now use other methods of data erasure (and data destruction). The most common is NIST SP 800-88, Guidelines for Media Sanitization, which addresses the crucial disadvantage of the DoD method: its inability to work with flash media. The DoD standard was created almost 30 years ago, primarily for wiping data from hard drives, and it isn't suitable for chip-based storage.
What are the Pros and Cons of the DoD Wiping Method?
While the DoD 5220.22-M data wipe method has its advantages, it also has some limitations. Before using it, take a look at the comparison table of the pros and cons of this standard:
| Pros | Cons |
| --- | --- |
| Standardized, as the method complies with data protection regulations | Unsuitable for flash media (such as SSDs) |
| Secure, as the data is overwritten several times with different bit patterns | Time-consuming when dealing with large amounts of data |
| Widely recognized, as it is still commonly used in the industry | More expensive compared to some modern methods |
How to Implement the DoD 5220.22-M Standard?
Implementing the DoD 5220.22-M standard as part of your data sanitization practice requires a few simple steps to ensure the secure erasure of data from physical storage devices:
- Choose suitable software. Consider using the NSYS Data Erasure solution, as it provides safe, secure, certified data wiping from Android devices.
- Make sure that all important data is backed up. All the information you might need in the future should be copied so that you won't lose it irrevocably after erasure.
- Select the 3- or 7-pass method depending on your requirements and expectations. For more sensitive data, it is preferable to use the 7-pass method despite its time cost.
- Launch the data erasure process. Depending on the method and software you have chosen, it will take different amounts of time.
- Verify that the process has finished successfully. You need to check that the data was overwritten and cannot be recovered. This step will ensure that the erasure was implemented properly.
For an effective and straightforward process, consider utilizing NSYS Data Erasure software. That will allow you to be 100% sure that no confidential data is left on your devices. Detailed reports will be provided after each erasure to ensure transparency and accountability.
With NSYS Data Erasure, you can confidently wipe off sensitive data with the utmost reliability and trust in the process. Leave a request and try NSYS Data Erasure today!