What is the DoD 5220.22-M Wiping Standard?
Simply put: the DoD 5220.22-M Wiping Standard was developed by the Department of Defense in order to protect and/or destroy your sensitive data. Wiping software has to meet this standard in order for the data stored on a drive to be safely unrecoverable.
There are many ways you can protect, erase or destroy your data. The DoD 5220.22-M Wiping Standard is one that overwrites on top of your preexisting data. Knowing how it works is important so that you know which method of data erasure might be best for your needs or for your business.
How Does the DoD 5220.22-M Wiping Standard Work?
Basically, when someone says that their software meets the DoD 5220.22-M Wiping Standard, it means that it will write to all hard drive locations with a character, its complement, and a random character, followed by a verification. This is called a “three-pass” procedure. It was designed this way to prevent data from being recovered at all.
The Department of Defense set these standards to make sure that the data on each drive is overwritten many times. This process of overwrites ensures the data is unrecoverable while also allowing the drive to be used for other things in the future. The downside of the DoD 5220.22-M Wiping Standard? It doesn’t work for USB drives or cell phones. It only works for computers and larger hard drives.
Types of Overwrites
The three-pass overwrite we mentioned earlier meets the minimum DoD 5220.22-M Wiping Standard requirements. However, there is also a seven-pass overwrite. Here is the difference:
- Three Pass Overwrite: This option means that the data is overwritten three times: a pass with a “0” character, followed by a single pass with a “1” character, and a final pass with a random character. In the end, there is a verification pass to make sure that all the data has been overwritten, and nothing is left vulnerable.
- Seven Pass Overwrite: Like the three-pass overwrite, the seven-pass overwrite overwrites the data many times, only with more passes. This includes a “0” character pass, a “1” character pass, a random character pass, a second random character pass, a “0” character pass, a “1” character pass, and a random character pass before the final verification pass.
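The three-pass and seven-pass procedures above, as an added example (not code from this article or from any wiping product): it runs each overwrite pass over a target and then the verification pass, demonstrated on a constructed image file. The byte values 0x00 and 0xFF for the “0” and “1” characters, the SHA-256 comparison used for verification, and all function names are assumptions.

```python
import hashlib
import os
import tempfile

# Pass schedules as listed in the article. Assumption: the "0" and "1" characters
# are the bytes 0x00 and its complement 0xFF; None stands for a random pass.
THREE_PASS = [0x00, 0xFF, None]
SEVEN_PASS = [0x00, 0xFF, None, None, 0x00, 0xFF, None]
CHUNK = 1 << 20  # work in 1 MiB blocks

def overwrite_pass(fh, size, value):
    """Write one pass over bytes [0, size); return SHA-256 of the data written."""
    digest, remaining = hashlib.sha256(), size
    fh.seek(0)
    while remaining:
        n = min(CHUNK, remaining)
        block = os.urandom(n) if value is None else bytes([value]) * n
        fh.write(block)
        digest.update(block)
        remaining -= n
    fh.flush()
    os.fsync(fh.fileno())  # force this pass out before the next one starts
    return digest.hexdigest()

def verify_pass(fh, expected):
    """Verification pass: read the whole target back and compare digests."""
    digest = hashlib.sha256()
    fh.seek(0)
    for block in iter(lambda: fh.read(CHUNK), b""):
        digest.update(block)
    return digest.hexdigest() == expected

def wipe(path, schedule=THREE_PASS):
    """Run every pass in `schedule`, then verify what the final pass wrote."""
    with open(path, "r+b") as fh:
        size = fh.seek(0, os.SEEK_END)  # works for image files and block devices
        digests = [overwrite_pass(fh, size, v) for v in schedule]
        return bool(digests) and verify_pass(fh, digests[-1])

def demo(schedule=THREE_PASS):
    """Wipe a constructed image; return (verified, marker_survived)."""
    marker = b"CONSTRUCTED-CUSTOMER-RECORD"  # constructed sample data
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "disk.img")
        with open(path, "wb") as img:
            img.write(marker * 2500)
        verified = wipe(path, schedule)
        with open(path, "rb") as img:
            return verified, marker in img.read()
```

The read-back in this sketch can be served from the operating system's cache, so a real tool has to read from the device itself. On flash media the overwrite may never reach the physical cells that held the data, which fits the article's point that this method does not suit USB drives or phones.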
How Does the DoD 5220.22-M Wiping Standard Compare to Other Data Erasure Methods?
Depending on your needs, there are a couple more ways to ensure your data is unrecoverable: physical destruction and NIST SP 800-88. This is important if you are a mobile phone retailer, since the DoD standard does not apply to mobile phones.
Obviously, nothing gets rid of data better than just completely destroying it. This includes shredding it, melting it to nothing, crushing it to bits, throwing it into a fire, bashing it with a mallet to get all your anger out, or whatever your heart desires. You just have to make sure absolutely every piece of the device is destroyed, because some programs out there can lift data off of even the smallest piece of a hard drive. While physical destruction is certainly an effective means of getting rid of your data, it also (obviously) renders your device completely useless. This is certainly not ideal for mobile phone retailers, so keep reading.
NIST SP 800-88
If you are not able to destroy your device, then another way to make sure your data is erased is with the NIST SP 800-88 option. This is a totally separate standard of data erasure, developed by the National Institute of Standards and Technology of the United States because they figured out that the DoD 5220.22-M Wiping Standard didn’t work for destroying Top Secret information. It’s quickly become the go-to standard since its revision in 2014 because it considers everything from USB drives to mobile phones.
The NIST 800-88 standards describe three methods for erasing hard disk drives of sensitive data:
- Erasing – Erasing data using Read and Write commands to the storage device.
- Degaussing – Basically, a demagnetizing process to erase a hard drive or tape.
- Shredding – Physically destroying the device to smithereens.
As a matter of fact, it considers physically shredding hard drives the most secure form of data destruction and urges that it be used for all levels of sensitive information. However, whether or not you ultimately want to toast your device is up to you.
Ideal for Small Businesses
Small businesses have become targets for hackers. According to Security Magazine, the Small Business Cybersecurity Act required NIST to offer SMBs resources to measure their current security protections against best practices. NIST data security guidance includes a simplified cybersecurity framework, risk assessments, and third-party breach education.
Erasing each and every device of its data can be a daunting task as a small mobile phone business. If you are looking for a great data erasure solution for your business, PhoneCheck offers secure data erasure that meets these high standards. If you need to erase your data, check the working quality of your phone and get the best value out of it, our certification process can get that done in 2 minutes or less. This includes the Bluetooth and Wi-Fi signal strengths, speaker and microphone functionality, screen rotation functionality and much, much more.
Yes, it’s a certification process – it prints out an actual certificate, so you and the buyer have total transparency from a third party (us) about exactly what they are getting. This means better trust, a better reputation, and happy customers.
Let Us Know!
What have you found effective in erasing your data? Have you ever had to physically destroy a device, or do you find other standards of erasure are sufficient for you? Let us know in the comments!