Still using the DoD 5220.22-M 3-pass method for erasing your drives? Use NIST 800–88 instead to securely erase your HDD/SSD/NVMe drives…
Recently I stumbled across an eBay seller using the DoD 5220.22-M 3-pass method to erase SSDs… Although that is definitely not recommended, I then wondered… well, what is best practice, then?
I’ve been aware of the ATA Secure Erase method for some time, but did not know if it was implemented in any official gov-related data erasure procedures or what the new “standard” was.
Findings:
Instead of referencing DoD 5220.22-M, reference NIST 800–88. The former is no longer considered relevant nor referenced by industry-leading data-erasure companies and agencies.
HDDs:
- Use ATA Secure Erase
SSDs:
- Use ATA Crypto Sanitize, Crypto Erase if supported by SSD
- Use ATA Secure Erase otherwise
NVMe drives:
- Use Crypto Sanitize, Crypto Erase if supported by NVMe
- Use Secure Erase otherwise
- Note: NVMe commands do not carry the ATA prefix; they are identified under "NVM Express Format"
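As an added example (not part of the original post): a read-only Python check that parses `hdparm -I` output for a SATA drive and applies the ordering in the lists above. The sample text is constructed, the function names are hypothetical, and the feature strings are assumed to match what `hdparm -I` prints; NVMe drives need a different tool and are not covered.

```python
import re

# Constructed samples modeled on the layout of `hdparm -I /dev/sdX` output
# (not captured from real drives). hdparm indents these lines with tabs.
SAMPLE_SSD = (
    "\tNominal Media Rotation Rate: Solid State Device\n"
    "Commands/features:\n"
    "\t   *\tSANITIZE feature set\n"
    "\t   *\tCRYPTO_SCRAMBLE_EXT command\n"
    "Security:\n"
    "\t\tsupported\n"
    "\tnot\tenabled\n"
    "\tnot\tfrozen\n"
)
SAMPLE_HDD = (
    "\tNominal Media Rotation Rate: 7200\n"
    "Security:\n"
    "\t\tsupported\n"
    "\tnot\tenabled\n"
    "\t\tfrozen\n"
)

def parse_identify(text):
    """Pull the erase-related capabilities out of `hdparm -I` text."""
    security = text.split("Security:", 1)[1] if "Security:" in text else ""

    def state(word):
        # hdparm prints "not<TAB>word" when a security state is inactive.
        m = re.search(rf"^[ \t]*(not)?[ \t]*{word}\b", security, re.M)
        return m is not None and m.group(1) is None

    return {
        "ssd": "Solid State Device" in text,
        "crypto_sanitize": bool(re.search(r"\*\s+CRYPTO_SCRAMBLE_EXT", text)),
        "secure_erase": state("supported"),
        "frozen": state("frozen"),
    }

def recommend(caps):
    """Return (method, blocker) following the ordering in the lists above."""
    if caps["ssd"] and caps["crypto_sanitize"]:
        return ("ATA Crypto Sanitize", None)
    if not caps["secure_erase"]:
        return (None, "no ATA Security feature set reported")
    if caps["frozen"]:
        # A security-frozen drive rejects Secure Erase until power-cycled.
        return ("ATA Secure Erase", "drive is security-frozen")
    return ("ATA Secure Erase", None)
```

Nothing here issues an erase command; it only reports which method the drive advertises and whether a frozen security state would block Secure Erase.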
Windows/Linux folks:
- The easiest way to perform a secure erase is by downloading the tools / toolbox from your SSD manufacturer, as mentioned in this article
- Darik’s Boot and Nuke does not support Secure Erase but recommends Blancco Disk Eraser instead (costs but free trial)
- Parted Magic is also widely recommended around the net (costs)
- The free tool from UC San Diego may work but is outdated and did not work when I tested it with a 4-year-old SSD
Mac folks:
I have seen some sites stating that SSD/NVMe drives are best erased using Disk Utility (which is capable of the above commands) and that the use of third-party tools may make your Mac angry. Not sure.
Companies/Organizations:
This chart may be useful when considering the different methods of media sanitization. You can find this chart and more details on pages 23–24 of the NIST 800–88 guidelines.
References:
The primary source can be found starting on page 35 of NIST 800–88; the link is provided at the bottom.
Sanitize vs Secure
https://superuser.com/questions/1518253/ssd-what-is-the-difference-between-sanitize-secure-erase
Article on Wiping Standards
https://www.blancco.com/resources/blog-dod-5220-22-m-wiping-standard-method/
Additional Information on SSD Erasure
https://datadestroyers.com/destruction-services/ssd-hdd-erasure
Additional Information on Common Misconceptions and Erasure
https://degaussing-101.com/dod-5220-22-m/
Official NIST 800–88 PDF — see page 35
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf
Final note:
I chose to include this preview image because “ATA Secure Erase” and “NVMe Secure Erase” are plainly visible to bring about awareness AND because Parted Magic is a software that easily enables you to run both commands on Win/Linux. I am not promoting or endorsing any software mentioned 😊.