US DoD 5220.22-M erase method

The U.S. Department of Defense (DoD) 5220.22-M erase method is a data sanitization standard historically defined in the National Industrial Security Program Operating Manual (NISPOM). It specifies a process for securely overwriting data on magnetic storage media (e.g., hard drives, tapes) to prevent recovery of sensitive information.

Although it’s no longer the official DoD standard (and has been superseded by newer guidelines such as NIST SP 800-88 Rev.1), it remains one of the most referenced and implemented data-erasure methods in commercial software.

Technical Description

The DoD 5220.22-M method involves multiple overwrite passes using specific bit patterns:

Common 3-pass implementation:

  • Pass 1: Overwrite all addressable locations with binary zeros (0x00).
  • Pass 2: Overwrite all addressable locations with binary ones (0xFF).
  • Pass 3: Overwrite all addressable locations with a random character (pseudo-random data), and optionally verify the write.

Variations:

  • Some versions (e.g., DoD 5220.22-M (ECE)) add a verify step after each pass to confirm successful writing.
  • Others use seven passes, alternating between 0s, 1s, and random data to further reduce the chance of magnetic residue being recoverable.
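
The 3-pass sequence and the verify-after-each-pass variation, sketched in Python as an added example (not code from any erasure product or from the standard itself). The function names are hypothetical, and the target is assumed to be a regular file or disk image rather than a raw device.

```python
import hashlib
import os
import secrets

CHUNK = 1 << 20  # write/read in 1 MiB chunks

def pattern_chunks(size, fill):
    """Yield chunks totalling `size` bytes: a fixed byte value, or random if fill is None."""
    while size > 0:
        n = min(CHUNK, size)
        yield secrets.token_bytes(n) if fill is None else bytes([fill]) * n
        size -= n

def overwrite_pass(path, fill, verify=True):
    """Overwrite every byte of `path` in place.
    Returns True/False from the read-back comparison, or None if verify is off."""
    wrote = hashlib.sha256()
    with open(path, "r+b") as f:  # r+b keeps the file length; nothing is truncated
        for chunk in pattern_chunks(os.path.getsize(path), fill):
            f.write(chunk)
            wrote.update(chunk)
        f.flush()
        os.fsync(f.fileno())  # push the data to the device before verifying
    if not verify:
        return None
    # The read-back can be served from the OS page cache, so it confirms the
    # logical content only, not what is physically stored on the medium.
    read = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            read.update(chunk)
    return read.digest() == wrote.digest()

def dod_3pass(path, verify_each=True):
    """Passes: 0x00, 0xFF, random. verify_each=True models verify-after-each-pass;
    otherwise only the final pass is verified."""
    results = []
    for i, fill in enumerate((0x00, 0xFF, None)):
        results.append(overwrite_pass(path, fill, verify=verify_each or i == 2))
    return results

if __name__ == "__main__":
    import tempfile
    fd, path = tempfile.mkstemp()  # constructed scratch file, not a real disk
    os.write(fd, b"constructed sample data" * 1000)
    os.close(fd)
    print(dod_3pass(path))
    os.remove(path)
```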

Underlying Principle

The goal is to overwrite magnetic domains on a storage medium enough times that the original bit patterns (residual magnetization) are effectively destroyed. On older magnetic drives, forensic recovery of overwritten data was theoretically possible, which motivated multi-pass overwriting.

Modern drives, especially SSDs, use wear-leveling and remapping, meaning overwriting may not reliably reach all physical locations. Hence, software-based erasure methods like DoD 5220.22-M are not guaranteed to be effective for solid-state media.

Use Cases

  • Government and defense organizations (historically): To sanitize classified or sensitive data before declassification or repurposing of storage devices.

  • Corporate IT departments: For secure data disposal, ensuring that retired or redeployed hard drives don’t leak confidential data.

  • Data destruction services and erasure software: Many commercial tools (e.g., Blancco, DBAN) implement “DoD 5220.22-M wipe” as a configurable option.

  • Legacy systems: When physical destruction is not viable and the medium is magnetic (HDDs, tapes).

Modern Considerations

  • The DoD 5220.22-M method is deprecated and not recognized as a current federal standard.

  • For current best practices, the NIST SP 800-88 Rev.1 “Clear, Purge, Destroy” framework is preferred.

  • For SSDs, cryptographic erase or manufacturer-specific secure erase commands are more effective than overwriting.