DOD Vs NIST – Which is the Best Data Erasure Standard?
Summary: Whether you wish to employ DoD, NIST, or any other data erasure standards for wiping data from your Hard Drives. BitRaser Drive Eraser Software meets your requirements for data erasure using 24 international erasure standards including DoD and NIST. |
---|
In today’s world of security breaches and data leaks, it has become imperative for companies to ensure that the sensitive information of their customers is securely erased when its work is done, or when the customer demands it.
For example, in Europe, there exists something called “the right to be forgotten”. As per this and similar laws, if a user demands that an enterprise remove his/ her/ their data from their possession, the company is legally bound to do so.
The end result: from time to time, companies find themselves in a position where they have to erase data, and to prevent any blowback in the future, most IT departments advise sticking to data erasure standards that have been put in place for the industry.
TL;DR = You can read in-depth information about the two standards here:
- The Pentagon Document Archive: The DOD 5220.22-m Data Wipe Standard
- The NIST 800-88 Purge for Data Cleansing PDF: Revised.
Table Of Contents
- The Upfront Conclusion
- Most Popular Standards
- Is One Better Than The Other
- The DOD Data Standard: Explained
- The NIST Data Standard: Explained
- Why NIST is Better
The Upfront Conclusion
As far as the DOD 5220.22-m vs NIST 800-88 argument is concerned, NIST is the better option, barring certain very specific use cases, which will be described further on in the article.
If that was all you wanted to know, here is a table summarizing the differences between the two:
Distinction | DOD 5220.22M 3/ 7 Pass | NIST 800-88 |
---|---|---|
Introduced In | 1995 | 2006 |
Last Updated In | 2006 | 2014 |
Main Eraser Method | Re-writing/ Overwriting | Clear, Purge, Then Destroy |
Level Of Efficiency | Less, ineffective on Solid State/ optical storage media. | Effective across all forms of storage media. |
Verified Deletion | Yes | Yes |
Certified Deletion | No | Yes |
Cost | Higher as either 3 or 7 overwrites are needed. | Lower as only one deletion occurs. |
For a more in-depth explanation of the two protocols and their nuanced differences, read on.
This is where the DOD Vs. NIST debate comes into play – DOD stands for “Department Of Defense” and NIST is short for the “National Institute of Standards and Technology”.
NIST is not the polar opposite of the DOD sanitization procedures, rather, the NIST guidelines take the DOD protocols and make them better.
What Are The Most Popular Standards?
Even within themselves, the DOD and NIST have standards of varying strength, but by far, the most widely-used data erasure standards are the DOD 5220.22-M 3 & 7 Pass and the NIST 800-88 standard, from both organizations, respectively.
The benefit of utilizing either of the standards is that they are military grade – the government uses them too.
The DOD 5220.22-m 3/ 7P standard was first created in 1995 and has been revised a couple times since, and the NIST 800-88 is much more modern, coming into play in 2006, and then being revised to account for advancement in 2014.
In a nutshell: NIST is a more modern, slightly less popular standard for data erasers as compared to the DOD protocol which is a bit outdated but more popular, but there is still a lot of discussion around DOD Vs. NIST as to which one is better
Is One Better Than The Other: DOD Vs. NIST?
As to the question as to which one is preferred over the other and why there is not one answer to the DOD Vs. NIST debate, the answer is not that simple.
While it is believed that the DOD guidelines are a little more comprehensive in data deletion (because of the 3/ 7 overwrites), the DOD standard can wreak havoc on certain types of storage devices.
This is why people with older hardware (such as hard disk drives or hybrid drives) are better suited to using the DOD standard, and if you have an SSD, steer clear of DOD because this can drastically reduce the lifespan of your solid-state drive.
In a nutshell: The choice of the standard that you end up using depends primarily on the type of storage medium that you employ.
As a rule of thumb, if your storage uses magnetic strips to store data (HDDs , CDs, or Tapes), use DOD and if it uses embedded chips (SSDs), use NIST.
What Is The DOD Data Erasure Standard?
The Department Of Defense 5220.22M data erasure protocol was first released in the year 1995, in order to standardize (hence the name) data erasure in government agencies to ensure that classified data is not accessible even after deletion.
There are two choices that you get: 3-Pass or 7-pass. As the name suggests, in 3-Pass the disk is overwritten with three passes, and in 7-pass, the disk is overwritten seven times.
This is done in order to fragment the post-deletion data beyond all recognizable form, and works surprisingly well, and if you look at DOD Vs. NIST in this regard, NIST comes out on top with fewer passes than the DOD.
After the data passes (wipes) are complete, they are followed by a “verification”, which means a check is conducted to make sure that no part of the original data is still accessible.
The DOD 5220.22-M was initially invented to rewrite tapes and floppy disks, and multiple overwrites were needed because these physical forms of storage would still have “crumbs” of data left over after an overwrite.
Looking at DOD vs. NIST in this regard, NIST can cover devices that DOD cannot, but DOD cannot deal with devices as efficiently as NIST.
What Is The NIST Data Erasure Standard?
The National Institute of Standards And Technology 808-88 guidelines were formulated in 2006, after revision of the DOD 5220.22-m standard revealed unsealable loopholes for newer systems.
The NIST guidelines built on the practices of the DOD, and drastically improved upon its earlier predecessor, and eventually, NIST emerged as pretty much a global standard.
Today, NIST is not called a “Data erasure” standard, it is referred to as a “data sanitization” standard — that is how good it is.
The manual for NIST 800-88, specifies that it uses a process of “Clear, Purge, Then Destroy” to delete data.
NIST 800-88 was further revised in 2014, to ensure that it kept up with modern standards, tacking on another point in favor of NIST in the DOD Vs. NIST debate.
Advantages of NIST 800-88
- NIST uses only 1-pass overwrite, so it can erase data without reducing the lifespan of your storage media, unlike the DOD standards.
- The 1-pass system also saves a lot of time, especially when wiping larger solutions.
- NIST accounts in great detail for magnetic as well as opal storage, but DOD cannot account for solid-state storage solutions.
- NIST also has considerations for vast storage media (like a server or data bank), as well as mobile/ cellular phones, among many others.
- NIST is cheaper and quicker than the DOD standard.
Thus, we conclude that the outcome of the DOD Vs. NIST battle is indeed, that the NIST 800-88 protocol is indeed superior to the DOD in all the important aspects of data sanitization
The End
Each of these two trusted, heavyweight organizations has its own guidelines and practices wherein they attempt to provide the best and most effective data erasure protocols possible for all those who are involved.
Businesses the world over are having to consider more robust data destruction policies as customers get more autonomy over their sensitive information.
Other than if you have rather old storage, and here we are referring to pre-2014 storage media, then NIST 800-88 is absolutely the way to go.
Here, it is recommended to check out specialized, dedicated software that is out-of-the-box NIST compliant, such as BitRaser.
BitRaser removes data down at the byte and bit level to ensure that the data is sanitized from the storage media, with absolutely no chance of retrieval.
In addition to being compliant with our two heavyweights (The DOD 5220.22-m and the NIST 800-88 data sanitization standards), BitRaser is also compliant with up to 24 other standards, including standards by Peter Gutmann, NATO, USAF, British HMG, Canadian RCMP, Random Zero Zero, and other variations of all of the above.