What's required to overwrite classified data

NISP sets the standards

Getting rid of data on a drive or disk can be difficult, because the hardware is designed to protect and maintain data for as long as possible.

You can erase or reformat a drive, but the data remains accessible to someone with a little forensics know-how and software. Destroying and degaussing a disk are effective, but they also render the hardware unusable. Erasure, which overwrites bits with new bits, can allow people to reuse a drive, although the Defense Department looks on it primarily as an added layer of protection in preparing a drive for destruction when the hardware carries classified data.


Reusing hardware: Erase data but leave an audit trail

The National Industrial Security Program manages the requirements for private-sector contractors that have access to classified information. The NISP Operating Manual, DOD 5220.22-M, outlines requirements for getting rid of classified digital data. The manual recognizes two levels: clearing and sanitizing.

Blancco, which produces a tool that Santa Barbara County, Calif., and other federal and local agencies use, has begun the National Information Assurance Partnership's Common Criteria evaluation process. However, no overwriting product or process so far has completed evaluation for sanitizing. NISP uses National Security Agency guidance on overwriting in preparation for disposal or recycling, but it does not authorize use of overwriting for sanitization or downgrading — that is, release of hardware that processed classified information for use at a lower classification level.

Blancco said a German lab has certified its equipment as meeting DOD 5220.22-M requirements for overwriting data three or seven times with a predefined bit pattern.

About the Author

William Jackson is a Maryland-based freelance writer.


  • senior center (vuqarali/Shutterstock.com)

    Bmore Responsive: Home-grown emergency response coordination

    Working with the local Code for America brigade, Baltimore’s Health Department built a new contact management system that saves hundreds of hours when checking in on senior care centers during emergencies.

  • man checking phone in the dark (Maridav/Shutterstock.com)

    AI-based ‘listening’ helps VA monitor vets’ mental health

    To better monitor veterans’ mental health, especially during the pandemic, the Department of Veterans Affairs is relying on data and artificial intelligence-based analytics.

Stay Connected