In spite of the fact that it continues to hang on as the defacto "standard" for “erasing” or wiping data from a hard drives, the fact is that DoD 5220-M was never “approved” by the Department of Defense. The DoD never intended for it to be a standard for classified data.
Over the past several years, the National Institute for Standards and Technology’s (NIST) Special Publication 800-88: Guidelines for Media Sanitization has become the real world reference for data erasure compliance. Originally issued in 2006 and revised in 2012, SP 800-88 spells out preferred methodologies for wiping hard drives and other media under Minimum Sanitization Recommendations in Appendix A (see our summary, page 25). These methods include both over-writing and Secure Erase, a protocol built into the hard drive. This document has replaced the
DoD “standard” in terms of regulatory and certification practice, and yet good old DoD 5220.22-M continues to hang on in marketing statements.
The industry can save a whole lot of time and money by adopting the NIST's up to date recommendations for media sanitization. Read our white paper for more.