DoD vs NIST: Who Has the Most Secure Data Destruction Standards?

In this post, Brass Valley compares the old Department of Defense DoD 5220.22 M data destruction standards to NIST 800-88, the modern gold standard for secure data erasure. We will explain these secure data destruction methods in practical language and tell you what you need to know. 

Why Should I Be Concerned About Data Destruction Standards? 

Data destruction standards exist for one simple reason. Deleting data from a drive is only the beginning. By now, almost everyone is aware that data recovery is possible, even under incredibly challenging conditions. While that may be a blessing when the CEOs ThinkPad succumbs to the frothy surf in a Maldives lagoon, it also means that bad actors can access data you thought was gone forever. 

This is why responsible businesses rely on reputable, certified IT asset disposition (ITAD) firms like Brass Valley to securely wipe and/or decommission their hardware and devices. You get invaluable peace of mind from knowing that the most secure data destruction methods available are applied to your equipment. However, not all standards for data erasure and asset disposition are created equal. 

What is the DoD Data Destruction Standard?

The U.S. Department of Defense standard for data destruction relies upon an algorithm known as DoD 5220.22 M. This standard was considered a leading-edge technology when it was created. The problem is it was created the same year Michael Jordan rejoined the Chicago Bulls. Suffice it to say, quite a lot has happened in the field of information security since 1995. 

To their credit, the DoD has updated its data destruction methods several times since then, but the most recent update occurred in 2006 and the standard just doesn’t measure up. Even more concerning is the fact that many businesses and even alleged IT professionals are still relying upon these hard drive data destruction standards that are more than 20 years out of date. 

The DoD themselves recognizes their old  DoD 5220.22 M data erasure standard as obsolete. Since 2006, the DoD’s own documentation on the subject no longer specifies their data erasure methods, but instead refers the reader to CSA (Cognizant Security Agencies) for methods and best practices. So, the DoD itself no longer relies upon DoD 5220.22 M.

Why NIST Data Destruction Standards Have Overtaken DoD Methods

One of the first problems noted with DoD data destruction standards surfaced when technicians noticed performance and function problems with solid-state storage media. These drives, more commonly known as SSDs weren’t even on the market when DoD 5220.22 M was developed. It turns out, the need to overwrite the volume 3 to 7 times is not only redundant when used on the flash memory found in most devices now– it also causes accelerated wear and other issues. 

The NIST standards have overtaken the old DoD standards because:

• The NIST 800-88 standard for data destruction is more resource-efficient, requiring only one overwriting pass (vs. 3-7 in the old DoD method) while offering the same or better security. 
• NIST 800-88 was last updated at the end of 2014 and was developed with consideration for SSDs and other flash memory standards widely found in laptops, mobile devices, and more today. 
• The broader NIST 800-88 data erasure standards and guidance were created not only for the government but to meet the needs of private sector enterprise users as well. 
• NIST guidance for sanitizing media and destroying data is much more comprehensive and far-reaching than the DoD standards–even including information on degaussing and physical destruction of media.

In summary, DoD 5220.22 M is inefficient, time-consuming, costly, and actually less effective than modern standards. NIST 800-88 was built for today’s hardware and the 21st-century digital security landscape. It’s no wonder that NIST 800-88 has become the data destruction standard widely preferred by information security specialists. It is also the standard we apply at Brass Valley.

Defend Your Business with Secure Data Destruction Methods

You may have solid network security in your place of business. Your IT department could have a famously rigid password policy that the employees secretly despise, but comply with. But remember that security is only as strong as its weakest link. Every company finds the need to retire PCs and laptops after a period of time and replace them with new hardware. When you do, it’s not enough to simply reformat your hard drive, or trust that someone else will handle it without documentation or a chain of custody. 

Out of sight, out of mind is definitely not the right approach here. You need proper IT asset disposition (ITAD) to ensure that your equipment is handled by professionals who utilize the most secure data destruction standards available. Brass Valley is arguably the safest ITAD vendor in the U.S. With zero breaches in the over 20 years we’ve been in business, our track record and expertise speak volumes. Our elite-level shared risk model and High Reliability processes offer an unprecedented level of security for your data. 

When it comes to secure data erasure, never settle for less than Brass Valley. Find out what Brass Valley can do to secure your data by calling (844) 390-5366 or by submitting your details through our contact page.