{"id":24166,"date":"2023-01-25T07:41:53","date_gmt":"2023-01-25T12:41:53","guid":{"rendered":"https:\/\/quantumlifecycle.com\/?p=24166"},"modified":"2023-09-06T08:55:23","modified_gmt":"2023-09-06T12:55:23","slug":"the-obsolescence-of-the-dod-standard-what-it-means-for-data-erasure","status":"publish","type":"post","link":"https:\/\/quantumlifecycle.com\/en_CA\/blog\/the-obsolescence-of-the-dod-standard-what-it-means-for-data-erasure\/","title":{"rendered":"The Obsolescence of the DoD Standard & What It Means for Data Erasure"},"content":{"rendered":"
The term \u201cDoD standard\u201d is widely used throughout the data sanitization<\/a> industry. It refers to DoD 5220.22-M, a standard for sanitizing data from hard drives. While basic data sanitization processes involve overwriting hard disk storage areas with the same data (a pattern of zeros), the DoD standard takes the process a step further with prescribed random overwriting methods. As a result, the process prevents data from being retrieved through standard recovery methods. Although the DoD process continues to be requested by businesses seeking hard drive<\/a> sanitization, it is no longer the industry standard. Here\u2019s what you should know.<\/p>\n The earliest version of DoD 5220.22-M was developed in the 1990s, when data sanitization was still new. In its first publication, the standard called for overwriting hard disk drives with patterns of ones and zeros.<\/p>\n The process is typically implemented in a three-pass method, which entails:<\/p>\n Finally, verification is performed to ensure the final overwrite pass was successful. This method will prevent software- and hardware-based recovering methods from retrieving data from hard drives.<\/p>\n In 2001, additional overwriting and verification methods were added, so that the original three steps are performed twice and an extra pass is added in between for a total of seven steps. Nonetheless, the three-pass method still remains a commonly used data sanitization method across the U.S. Yet, the latest DoD standards still haven\u2019t been revised to reflect updated overwriting patterns for erasing hard drives, so the industry has shifted to a newer method.<\/p>\n While DoD standards in general are highly esteemed, DoD 5220.22-M in particular is more resource intensive and less effective than other, newer methods. More importantly, the DoD standard isn\u2019t compatible with newer technology.<\/p>\n In the DoD wiping process, codes of ones and zeros are physically scratched into hard drives. With solid state drives (SSDs) commonly found in most newer devices, digital data is stored on integrated circuits. DoD erasure<\/a> won\u2019t work on this type of storage, but the erasure standards from the National Institute for Standards and Technology, NIST 800-88 Clear and NIST 800-88 Purge, will.<\/p>\n In addition to working for both SSDs and traditional hard drives, the NIST standard is preferred for several reasons. For one, in recent updates from the DoD, standard 5220.22-M is no longer mentioned as a secure form of hard disk erasure. The DoD employs a different technique for destroying its own classified data, calling for multiple approaches such as wiping and physical destruction. Moreover, regulations and certification programs (even within the government) now cite the NIST standards within their erasure guidelines, instead of DoD 5220.22-M.<\/p>\n Many companies requiring data erasure still request the DoD standard due to the fact that they may be referencing outdated requirements written by legal departments or risk management teams. This presents a good opportunity to connect with IT teams to refresh any language and policies to align with modernized and more effective data wiping<\/a> practices.<\/p>\n In our ongoing commitment to industry-leading practices, Quantum uses Blancco data erasure, which conforms with the latest NIST standards. Find out more about our data wiping and destruction protocols here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":" The term \u201cDoD standard\u201d is widely used throughout the data sanitization industry. It refers to DoD 5220.22-M, a standard for sanitizing data…<\/p>\n","protected":false},"author":23,"featured_media":24167,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"om_disable_all_campaigns":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[76],"tags":[],"class_list":{"0":"post-24166","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-blog","8":"entry"},"acf":[],"yoast_head":"\nWhy the DoD Standard Is Obsolete<\/h2>\n
\n
The Problems With Outdated Data Wiping<\/h2>\n
NIST: The New Gold Standard<\/h2>\n