We wrote about this a couple of years ago, yet it’s still a popular discussion.  Many organizations still request a “DoD wipe” (“Department of Defense wipe”) or a “3–pass” to wipe data from their hard drives.  Do you know what that means, and where it comes from?  The DoD 5220.22-M standard was developed in the 1990’s and published in 1999 for the US Dept of Defense to handle the destruction of sensitive (but not top secret) data.  Since then, it has been referenced as the standard for data sanitization.  However, technology has changed a lot since the 1990’s.

During the creation of the original 5220.22-M the technology basis for data sanitization practices were slow magnetic hard drives with capacities less than 1 megabyte.  The write – and therefore overwrite – was not high density or precise.  So overwriting 3 times was assumed to be the right number to ensure that all data had been erased.  There is no documentation that this was based on actual testing of hard drives and media, however.  It was just assumed to be a good number.  And at the time, this was a manual overwrite – there was no software tool to execute the overwrite.  So it was difficult to document what overwrite had occurred, and whether it was performed completely and successfully.

In 2006 NIST SP-800-88 stated that “Basically the change in track density and the related changes in the storage medium have created a situation where the acts of clearing and purging the media have converged. That is, for ATA disk drives manufactured after 2001 (over 15 GB) clearing by overwriting the media once is adequate to protect the media from both keyboard and laboratory attack.” That same year DoD 5220.22-M removed all verbiage on single vs multiple pass.  (Go ahead and check – it’s not in there anymore).  Essentially the message is “one pass is as good as multiple as long as it is verified complete.”

Now the DoD standard only describes one acceptable process for highly sensitive (classified, high risk) data: physical destruction or degaussing – which also destroys the drive for reuse.  The DoD standard does not address data erasure for reuse of hard drives.  So the standard of record data erasure passed from the DoD to NIST.

Since the original data erasure standards were developed, software tools have become available that enable both the overwrite (erasure) and the verification of successful completion.  The professional, certified software tools have been tested extensively and validated by numerous laboratories and hard drive OEMs.  A key to the NIST standard is not the number of times the overwrite is performed, but verifying that is completed successfully.  This should be documented.  If a drive can’t be sanitized successfully, it should be physically destroyed – in a manner that also meets the NIST 800-88 standard.

NIST has drafted a revision to SP-800-88 to incorporate new technology complications – Solid State Drives. These can securely be erased – but not the same way as traditional hard drives.   Learn about erasure for SSD’s from this whitepaper: Advances in SSD Data Erasure Solutions.