What's required to overwrite classified data

NISP sets the standards

Getting rid of data on a drive or disk can be difficult, because the hardware is designed to protect and maintain data for as long as possible.

You can erase or reformat a drive, but the data remains accessible to someone with a little forensics know-how and software. Destroying and degaussing a disk are effective, but they also render the hardware unusable. Erasure, which overwrites bits with new bits, can allow people to reuse a drive, although the Defense Department looks on it primarily as an added layer of protection in preparing a drive for destruction when the hardware carries classified data.


Reusing hardware: Erase data but leave an audit trail

The National Industrial Security Program manages the requirements for private-sector contractors that have access to classified information. The NISP Operating Manual, DOD 5220.22-M, outlines requirements for getting rid of classified digital data. The manual recognizes two levels: clearing and sanitizing.

Blancco, which produces a tool that Santa Barbara County, Calif., and other federal and local agencies use, has begun the National Information Assurance Partnership's Common Criteria evaluation process. However, no overwriting product or process so far has completed evaluation for sanitizing. NISP uses National Security Agency guidance on overwriting in preparation for disposal or recycling, but it does not authorize use of overwriting for sanitization or downgrading — that is, release of hardware that processed classified information for use at a lower classification level.

Blancco said a German lab has certified its equipment as meeting DOD 5220.22-M requirements for overwriting data three or seven times with a predefined bit pattern.

About the Author

William Jackson is a Maryland-based freelance writer.


  • business meeting (Monkey Business Images/Shutterstock.com)

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (Shutterstock.com)

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected