The DoD 5220.22-M data wipe method has long been widely used by organizations as a standard for data erasure. This blog discusses what DoD 5220.22-M is, recent issues relating to it, and its applications.
What is DoD 5220.22-M?
The DoD 5220.22-M data wipe method is a software-based process to overwrite existing information on a hard drive or other storage with patterns of ones and zeros to make the original data irrecoverable.
This method is typically implemented in the following manner:
- Pass 1: Writes all addressable segments of the hard disk drive (HDD) with a zero
- Pass 2: Writes all addressable segments of the HDD with a one
- Pass 3: Writes all addressable segments of the HDD with a random character
- Verify the final pass
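The pass sequence above, as an added example that is not taken from the DoD document or from any product. It assumes that "zero" means 0x00 bytes and "one" means 0xFF bytes, that the target is a regular file or disk image given by `path`, and that the final pass is verified by comparing SHA-256 digests of the written and read-back data; the function names are hypothetical.

```python
import hashlib
import os

CHUNK = 1 << 20  # work in 1 MiB chunks so large targets fit in memory

def _write_pass(fd, size, pattern=None):
    """Overwrite `size` bytes from offset 0 (pattern=None means random data).
    Returns the SHA-256 of everything written, for later verification."""
    digest = hashlib.sha256()
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining:
        n = min(CHUNK, remaining)
        block = os.urandom(n) if pattern is None else pattern * n
        view = memoryview(block)
        while view:  # os.write may write fewer bytes than requested
            view = view[os.write(fd, view):]
        digest.update(block)
        remaining -= n
    os.fsync(fd)  # flush this pass to the device before the next one starts
    return digest.digest()

def _read_digest(fd, size):
    """Read the target back from offset 0 and return its SHA-256."""
    digest = hashlib.sha256()
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining:
        block = os.read(fd, min(CHUNK, remaining))
        if not block:
            break
        digest.update(block)
        remaining -= len(block)
    return digest.digest()

def dod_3pass_wipe(path):
    """Pass 1: 0x00, pass 2: 0xFF, pass 3: random, then verify pass 3."""
    fd = os.open(path, os.O_RDWR)
    try:
        size = os.lseek(fd, 0, os.SEEK_END)
        _write_pass(fd, size, b"\x00")
        _write_pass(fd, size, b"\xff")
        expected = _write_pass(fd, size, None)
        return _read_digest(fd, size) == expected
    finally:
        os.close(fd)
```

The read-back can be served from the operating system's cache, and a filesystem may not overwrite a regular file in place, so a `True` result here confirms the logical content only.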
History of DoD 5220.22-M
In 1995, the above DoD 3-pass method for data erasure was first published in US Department of Defense document #5220.22-M. In 2001, a 7-pass method, DoD 5220.22-M ECE, was added in a DoD memo. The most recent version, released in 2006, no longer specified the standard data erasure method. In other words, neither the usual 3-pass method nor the enhanced 7-pass method is accepted by the US Department of Defense anymore.
However, ‘the DoD wipe method’ is still the most common method of erasing data that many public institutions and companies around the world trust and use.
Why DoD 5220.22-M no longer specifies the standard
The emergence of new media
Conventional magnetic hard disks have matching physical and logical addresses. That is, the logical address specified when writing data to an HDD corresponds to a physical location on the HDD's platter. However, this is no longer true for flash memory-based storage devices. Such a device typically has at least 20 percent more physical capacity than its logical capacity. Further, because of the technical characteristics of flash memory, the device’s firmware opaquely determines where data are physically written. As a result, remnant data may be available to a sophisticated attacker even after the entire storage has been overwritten. Therefore, many Solid State Drive (SSD)-based storage media support dedicated wipe commands, whereas the software-based overwrite method can only be used for magnetic hard drives.
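Why a host-side overwrite can leave data behind on flash, as an added example that is not part of the original post. It is a toy model, not the behavior of any real SSD firmware: the class, its page-allocation and garbage-collection policy, and the "SECRET-n" contents are all constructed for illustration, with 20 percent spare capacity taken from the paragraph above.

```python
class ToyFlash:
    """Toy flash translation layer. Writes never update a page in place:
    they go to the next free physical page and the map is repointed."""

    def __init__(self, logical_pages, spare_percent=20):
        physical = logical_pages + logical_pages * spare_percent // 100
        self.pages = [None] * physical      # raw flash contents
        self.l2p = {}                       # logical page -> physical page
        self.free = list(range(physical))   # erased pages ready for writes
        self.stale = []                     # superseded but not yet erased

    def write(self, lpn, data):
        if not self.free:
            self._garbage_collect()
        ppn = self.free.pop(0)
        self.pages[ppn] = data
        if lpn in self.l2p:
            self.stale.append(self.l2p[lpn])  # old copy stays in flash
        self.l2p[lpn] = ppn

    def _garbage_collect(self):
        # Lazily erase a single stale page, only when space is needed.
        ppn = self.stale.pop(0)
        self.pages[ppn] = None
        self.free.append(ppn)

    def read(self, lpn):
        """What the host sees through standard read commands."""
        return self.pages[self.l2p[lpn]]

    def raw_dump(self):
        """What reading the flash directly, bypassing the firmware, shows."""
        return [p for p in self.pages if p is not None]


def remnants_after_overwrite(logical_pages=100):
    """Fill the device, overwrite every logical page once with zeros, and
    return (host sees only zeros, number of old pages still in flash)."""
    dev = ToyFlash(logical_pages)
    for lpn in range(logical_pages):
        dev.write(lpn, f"SECRET-{lpn}")     # constructed user data
    for lpn in range(logical_pages):
        dev.write(lpn, "0")                 # software overwrite pass
    host_view = [dev.read(lpn) for lpn in range(logical_pages)]
    leaked = [p for p in dev.raw_dump() if p.startswith("SECRET-")]
    return host_view.count("0") == logical_pages, len(leaked)
```

With the defaults, the host reads zeros from every logical address while 20 of the original pages are still present in the physical array.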
A single overwrite is very likely sufficient
Some researchers have demonstrated that a single overwrite is enough to prevent data from being recovered (Gordon Hughes and Tom Coughlin; Craig Wright et al.). Due to technological advances, the one-pass method is recognized as sufficient, and it makes sanitizing operations more efficient by saving time. Finally, in 2014, NIST SP 800-88 Rev. 1 stated that “for storage devices containing magnetic media, a single overwrite pass with a fixed pattern such as binary zeros typically hinders recovery of data even if state of the art laboratory techniques are applied to attempt to retrieve the data.” Not everyone agrees with this approach, and many still prefer to overwrite several times. However, it is also true that the belief that data must be overwritten three or seven times has faded.
Guidelines for Media Sanitization
‘NIST Special Publication 800-88 Revision 1, Guidelines for Media Sanitization’ was released in 2014. The guidelines reflect more up-to-date media and sanitization technologies and also give more detailed consideration to all sanitization methods, such as wiping, degaussing, and physical destruction, for each type of media. Since 2014, regulations have cited the guidelines rather than the DoD standard.
Guidelines for Media Sanitization by NIST
The guidelines have become a comprehensive standard for data erasure in the US since their publication. They define three categories of media sanitization as follows:
- Clear applies logical techniques to sanitize data in all user-addressable storage locations for protection against simple non-invasive data recovery techniques; typically applied through the standard Read and Write commands to the storage devices. (wiping)
- Purge applies physical or logical techniques that render Target Data recovery infeasible using state of the art laboratory techniques. (wiping, degaussing)
- Destroy renders Target Data recovery infeasible using state of the art laboratory techniques and results in the subsequent inability to use the media for storage of data. (physical destruction)
For each category, the guidelines provide detailed media sanitization methods suited to the characteristics of each storage medium. When they reuse or dispose of media, organizations should prepare and implement policies and procedures that combine wiping, degaussing, and physical destruction according to the confidentiality level of the stored data.
How to wipe all
The DoD 5220.22-M data wipe method is still the most widely used approach. It can often still be required by an organization’s policy or regulations. The method still works for HDDs, although it may be overkill. Sometimes, however, the method, like any other overwrite-based data wipe method, has an apparent limitation on flash memory-based storage devices, including SSDs. According to the NIST guideline, SSDs must be erased using a dedicated firmware command.
Secudrive Drive Eraser supports the ATA (Advanced Technology Attachment) command for SSD sanitization as well as more than 20 international erasure standard algorithms, including the DoD standard for magnetic hard disk wiping. It also provides logs and reports, which may be used later to confirm that a storage device has indeed been sanitized by a specific method. The logs and reports can be easily integrated with IT asset management systems. As a result, Secudrive Drive Eraser helps you easily abide by the Guidelines for Media Sanitization in the system life cycle.