Bitraser vs9/5/2023 Truth Behind DoD Failure on SSD DrivesĭoD 5220.22-M is not effective neither recommended for wiping SSD drives based on flash storage, primarily because SSDs rely on embedded processor & flash memory chips and not on magnetic strips. DoD Erasure standard moreover is resource-intensive, costly, and less effective than the modern erasure standard like NIST 800-88 that has emerged and replaced DoD 3 & 7 Pass as effective alternative. The need to overwrite data 3 to 7 times, as documented by NISP Operating Manual, became obsolete as modern hard drives are highly precise and use evolved writing technologies that eliminate the possibility of data being recovered after one overwriting pass. The evolution of modern hard drives since 1995, growth of mobile devices, and innovative storage technologies such as the flash storage media (SSDs) have raised concerns about the efficacy of multiple overwriting cycles that was propounded in the DoD method. This standard was not created to address chip-based storage. Drawback of the DoD Standard (DoD 5220.22-M / ECE)īeing the industry’s most prevalent overwrite pattern for more than a decade, DoD 5220.22-M sanitization started to cause functional issues on flash media storage (SSD) that has been a preferred choice over hard drives. Interestingly, the latest NISPOM rule published in 2021 continues to remain silent on any specific erasure standard for data sanitization. With a minor update in 2004 and later in 2006, the DoD operating manual did not specify any recommended overwriting method and delegated the data sanitization decision to government oversight agencies such as the CSA (Cognizant Security Agencies). The new standard involves two DOD 3 Passes and an extra standard pass with binary zeros in between. In 2001, the standard was upgraded to the DoD 5220.22-M ECE method, that is popularly known as DoD 7 Pass. The DoD document went through critical updates in 2001, 2004, and 2006. You may read our detailed article to know more about US DoD 5220.22 M and passes that constitute the erasure standard. DoD 5220.22-M also addresses sanitizing data from other media devices like tapes. The erasure method specifies overwriting the hard drive with three overwriting passes and verification at the end of the final pass. In our series of articles, we have already defined the DoD Erasure algorithm as DoD 5220.22 M, a standard published for the first time in the National Industrial Security Program Operating Manual (NISPOM) by the US Department of Defense (DoD) in the year 1995. What is the DoD Standard for Data Erasure? We will discuss this in detail in the upcoming sections. The DoD standard was introduced way back in 1995, whereas NIST is a more recent one introduced in 2006, revised in 2014, and accounts for more recent technological advancements that DoD lacks. The former is a standard formulated by the National Institute for Standards and Technology (NIST), and the latter is propounded by the US Department of Defense (DOD). While there are several global erasure standards and algorithms that define the overwriting process, the two most widely used data erasure standards are NIST 800-88 and DoD 3 & 7 Pass, respectively. These wiping programs are based on overwriting technology that overwrites the existing data with 0s and 1s to make it irretrievable. With rapid technological evolution, today professional data wiping software have made it possible for businesses to seamlessly wipe their end-of-life data beyond the scope of recovery, rendering the device usable. Emerging data protection laws across the globe are reinforcing the right of customers over their sensitive information, and businesses need to adopt robust data protection and data destruction policies to prevent leakage or unauthorized access. At a time when cases of data breach are rising, every organization is required to maintain data security and has a legal obligation to ensure that the sensitive customer information is permanently disposed of when it is no longer in use or when the IT assets reach their end of life.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |