![]() Over the past several years, the National Institute for Standards and Technology's (NIST) Special Publication 800-88: Guidelines for Media Sanitization has become the real world reference for data erasure compliance. For its own classified data, the DoD requires a combination of wiping, degaussing and/or physical destruction. ![]() The DoD is not in the business of certifying data destruction standards and has no mechanism for policing any given company's procedures. ![]() At some point, this pseudo standard took on a life of its own as third-party computer recycling and refurbishing companies, IT asset disposition (ITAD) firms and other types of organizations asserted DoD compliance on websites and marketing collateral.ĭoD 5220.22-M was never approved by the Department of Defense for civilian media sanitization, and even more importantly, the DoD never intended for it to be a standard for classified data. The fact that the DoD 5220.22-M protocol required three overwriting passes made it seem all the more secure, as did the implied Department of Defense imprimatur. A classic case of echo chamber knowledge distribution, the de facto adaption of this process was more of a marketing phenomenon than it was the result of any official policy supported by the Department of Defense.ĭoD 5220.22-M specifies a process that overwrites data on a hard drive with random patterns of ones and zeros. The DoD 5220.22-M standard for erasing or wiping data from a hard drive emerged early on in the evolving electronic data destruction business.
0 Comments
Leave a Reply. |