What's required to overwrite classified data

NISP sets the standards

Getting rid of data on a drive or disk can be difficult, because the hardware is designed to protect and maintain data for as long as possible.

You can erase or reformat a drive, but the data remains accessible to someone with a little forensics know-how and software. Destroying and degaussing a disk are effective, but they also render the hardware unusable. Erasure, which overwrites bits with new bits, can allow people to reuse a drive, although the Defense Department looks on it primarily as an added layer of protection in preparing a drive for destruction when the hardware carries classified data.


Reusing hardware: Erase data but leave an audit trail

The National Industrial Security Program manages the requirements for private-sector contractors that have access to classified information. The NISP Operating Manual, DOD 5220.22-M, outlines requirements for getting rid of classified digital data. The manual recognizes two levels: clearing and sanitizing.

Blancco, which produces a tool that Santa Barbara County, Calif., and other federal and local agencies use, has begun the National Information Assurance Partnership's Common Criteria evaluation process. However, no overwriting product or process so far has completed evaluation for sanitizing. NISP uses National Security Agency guidance on overwriting in preparation for disposal or recycling, but it does not authorize use of overwriting for sanitization or downgrading — that is, release of hardware that processed classified information for use at a lower classification level.

Blancco said a German lab has certified its equipment as meeting DOD 5220.22-M requirements for overwriting data three or seven times with a predefined bit pattern.

About the Author

William Jackson is a Maryland-based freelance writer.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected