DoD 5220.22-M Data Wipe Method [US DOD Wipe Standard]

Details on the DoD 5220.22-M Data Wipe Method

Image of a binary code overlay on a cube shape
© KTSDESIGN / Science Photo Library / Getty Images

DoD 5220.22-M is a software based data sanitization method used in various file shredder and data destruction programs to overwrite existing information on a hard drive or other storage device.

Erasing a hard drive using the DoD 5220.22-M data sanitization method will prevent all software based file recovery methods from lifting information from the drive and should also prevent most if not all hardware based recovery methods.

The DoD 5220.22-M method is often incorrectly referenced as DoD 5220.2-M (.2-M instead of .22-M).

DoD 5220.22-M Wipe Method

The DoD 5220.22-M data sanitization method is usually implemented in the following way:

  • Pass 1: Writes a zero and verifies the write
  • Pass 2: Writes a one and verifies the write
  • Pass 3: Writes a random character and verifies the write

You might also come across various iterations of DoD 5220.22-M including DoD 5220.22-M (E), DoD 5220.22-M (ECE), or others. Each will probably use a character and its compliment (as in 1 and 0) and varying frequencies of verifications.

While less common, there's another altered version of DoD 5220.22-M that writes a 97 during the last pass instead of a random character.

Free Software That Uses the DoD 5220.22-M Wipe Method

There are several free programs that have the option to utilize the DoD 5220.22-M sanitization standard to erase all the information from a hard drive.

My favorite hard drive data wiping tool that uses DoD 5220.22-M, among other methods, is DBAN, but a few others have it as an option, too. Two favorites include CBL Data Shredder and ErAce.

As I mentioned above, some file shredder programs, data wiping programs that act on just one or more selected files instead of an entire drive, also use DoD 5220.22-M.

Examples of some free file shredders that have an option for DoD 5220.22-M based file scrubbing include Eraser, Securely File Shredder, and Freeraser.

More About DoD 5220.22-M

The DoD 5220.22-M sanitization method was originally defined by the US National Industrial Security Program (NISP) in the National Industrial Security Program Operating Manual (NISPOM) located here (PDF) and is one of the most common sanitization methods used in data destruction software.

Most data destruction programs support multiple data sanitization methods in addition to DoD 5220.22-M.

Note: The NISPOM does not define any US government standard for data sanitization. The Cognizant Security Authority (CSA) is responsible for data sanitization standards.

As I understand it, the DoD 5220.22-M method is no longer permitted (nor is any software based data sanitization method) for use by various members of the CSA including the Department of Defense, the Department of Energy, the Nuclear Regulatory Commission, and the Central Intelligence Agency.