Data Erasure Standards Explained: NIST, DoD, IEEE & More (2026)

Every organization and individual handling sensitive data faces the same question: how do you erase a drive so the data is truly gone? The answer depends on which data erasure standard you follow — and choosing the wrong one can leave your data exposed or waste hours on unnecessary procedures. With regulations like HIPAA, GDPR, and PCI DSS requiring verified data destruction, understanding these standards is no longer optional. Here is what each standard actually requires and which one fits your situation.

Key Takeaways:

  • NIST 800-88 Rev. 2 (September 2025) is the current gold standard for data erasure guidance worldwide
  • The DoD 5220.22-M three-pass method is obsolete — the Department of Defense no longer references it
  • A single overwrite pass is sufficient for modern HDDs according to NIST research
  • SSDs cannot be securely erased by overwriting alone — they require firmware-level commands like Secure Erase or NVMe Sanitize
  • The right standard for you depends on your data sensitivity, regulatory requirements, and whether you plan to reuse the drive

Data Erasure Standards at a Glance

Before diving into individual standards, here is how they compare across the criteria that matter most:

| Standard | Passes | Media Types | Current Status | Best Use Case |
|---|---|---|---|---|
| NIST 800-88 Clear | 1 | HDD, SSD, flash, tape | Active (Rev. 2, Sept 2025) | Drive reuse within your organization |
| NIST 800-88 Purge | Varies (firmware commands) | HDD, SSD, NVMe, flash | Active (Rev. 2, Sept 2025) | Drive reuse outside your organization |
| NIST 800-88 Destroy | N/A (physical) | All media | Active (Rev. 2, Sept 2025) | Classified data, end-of-life media |
| DoD 5220.22-M | 3 (overwrite) | HDD only | Obsolete | Legacy systems with specific requirements |
| IEEE 2883 | Varies by media | SSD, NVMe, flash, HDD | Active (published 2022) | Modern storage, enterprise environments |
| Gutmann Method | 35 | MFM/RLL drives (obsolete) | Outdated | Not recommended for any current use |
| HMG IS5 Baseline | 1 | HDD | Active (UK government) | UK government lower-sensitivity data |
| HMG IS5 Enhanced | 3 | HDD | Active (UK government) | UK government higher-sensitivity data |

Now let's break down what each standard actually requires and when you should use it.

NIST 800-88: The Global Benchmark

NIST Special Publication 800-88, titled "Guidelines for Media Sanitization," is published by the U.S. National Institute of Standards and Technology. It is the most widely referenced data erasure framework in the world. Revised to Rev. 2 in September 2025, it provides updated guidance that accounts for modern storage technologies including SSDs and NVMe drives.

Unlike older standards that prescribe a specific number of overwrite passes, NIST 800-88 takes a risk-based approach. It defines three levels of sanitization based on how much effort an attacker might invest in data recovery:

Clear

Clear-level sanitization protects against data recovery using standard software tools. This means overwriting all addressable storage locations with a single pass of fixed data (zeros, ones, or a pattern), then verifying the overwrite. Clear is appropriate when a drive stays within your organization — for example, reassigning a laptop from one employee to another.

What this means for you: If you are repurposing a drive internally and the data is not highly sensitive, a single-pass overwrite using built-in OS tools or free software like DBAN can meet the Clear standard.
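The Clear procedure described above (one fixed-data pass over every addressable location, then verification) can be sketched as follows. This is an added example, not code from the original article or from any tool it names; the block size, function names and the file-backed "drive" image are assumptions made for illustration.

```python
import os
import tempfile

BLOCK = 64 * 1024  # I/O size in bytes (assumption; tune for the device)

def clear_overwrite(path, fill=0x00):
    """One pass of a fixed byte over every addressable byte; returns bytes written."""
    chunk = bytes([fill]) * BLOCK
    with open(path, "r+b", buffering=0) as dev:
        size = dev.seek(0, os.SEEK_END)  # works for image files and block devices
        dev.seek(0)
        done = 0
        while done < size:
            # Unbuffered writes may be short, so advance by what was actually written.
            done += dev.write(chunk[: min(BLOCK, size - done)])
        os.fsync(dev.fileno())  # push the pass to the medium before verifying
    return done

def verify_clear(path, fill=0x00):
    """Read back the whole target; returns (bytes_checked, offsets of bad reads)."""
    # On a real block device the read-back can be served from the OS page
    # cache, so verify after dropping caches or from a fresh boot.
    expected = bytes([fill]) * BLOCK
    bad, offset = [], 0
    with open(path, "rb", buffering=0) as dev:
        while True:
            data = dev.read(BLOCK)
            if not data:
                break
            if data != expected[: len(data)]:
                bad.append(offset)
            offset += len(data)
    return offset, bad

def clear_and_report(path, fill=0x00):
    """Overwrite, verify, and return a record suitable for an erasure log."""
    written = clear_overwrite(path, fill)
    checked, bad = verify_clear(path, fill)
    return {"bytes_written": written, "bytes_verified": checked,
            "bad_offsets": bad, "passed": written == checked and not bad}

def demo():
    # Constructed stand-in for a drive: 3 full blocks plus a 512-byte tail.
    size = 3 * BLOCK + 512
    with tempfile.NamedTemporaryFile(delete=False) as img:
        img.write((b"patient-record;" * (size // 15 + 1))[:size])
        path = img.name
    try:
        clean = clear_and_report(path)
        # Simulate a region the pass did not reach, then verify again.
        with open(path, "r+b") as f:
            f.seek(2 * BLOCK + 100)
            f.write(b"leftover")
        _, bad = verify_clear(path)
        return clean, bad
    finally:
        os.unlink(path)

if __name__ == "__main__":
    print(demo())
```

The second verification in `demo()` shows why the read-back matters: a region that was never overwritten is reported by offset instead of the pass being assumed complete.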

Purge

Purge-level sanitization protects against laboratory-level recovery attempts — the kind involving specialized equipment and significant expertise. For HDDs, this means overwriting or using firmware-level Secure Erase. For SSDs, this requires firmware-level commands: ATA Secure Erase, NVMe Sanitize (Block Erase or Crypto Erase), or the equivalent. Simple file overwriting is not sufficient for SSDs at the Purge level because of wear leveling and over-provisioned storage areas that overwrite operations cannot reach.

What this means for you: Use Purge when a drive is leaving your control — selling it, donating it, returning a leased device, or recycling it. For SSDs, you need tools that can issue firmware-level commands, such as BitRaser or manufacturer-specific utilities. Our secure erase SSD guide walks through the process step by step.
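Before issuing an NVMe Sanitize, it helps to confirm which sanitize actions the controller reports and, afterwards, that the drive's sanitize log shows completion. The sketch below is an added example, not code from the original article or from any vendor tool: it decodes the SANICAP field from `nvme id-ctrl` output and the SSTAT field from `nvme sanitize-log` output, and only builds command strings without running them. The sample outputs and the `/dev/nvmeX` name are constructed placeholders.

```python
import re

# SANICAP bit in Identify Controller data -> sanitize action (SANACT) value.
SANITIZE_ACTIONS = {
    "block_erase":  {"bit": 1, "sanact": 2},
    "crypto_erase": {"bit": 0, "sanact": 4},
    "overwrite":    {"bit": 2, "sanact": 3},
}
# The Purge-level NVMe options named above; Sanitize Overwrite is left out on purpose.
PURGE_ACTIONS = ("block_erase", "crypto_erase")

# Meaning of SSTAT bits 2:0 in the sanitize status log.
SSTAT = {0: "never sanitized", 1: "completed", 2: "in progress",
         3: "failed", 4: "completed (deallocated)"}

def supported_actions(id_ctrl_text):
    """Decode the sanicap line of `nvme id-ctrl` output into action names."""
    m = re.search(r"^sanicap\s*:\s*(0x[0-9a-fA-F]+|\d+)", id_ctrl_text, re.M)
    if not m:
        raise ValueError("no sanicap field in id-ctrl output")
    sanicap = int(m.group(1), 0)
    return [name for name, a in SANITIZE_ACTIONS.items() if sanicap >> a["bit"] & 1]

def purge_plan(device, id_ctrl_text):
    """nvme-cli command lines for each supported Purge action; [] means use another method."""
    ok = supported_actions(id_ctrl_text)
    return [f"nvme sanitize {device} --sanact={SANITIZE_ACTIONS[n]['sanact']}"
            for n in PURGE_ACTIONS if n in ok]

def sanitize_result(sanitize_log_text):
    """Decode the SSTAT line of `nvme sanitize-log` output."""
    m = re.search(r"\(SSTAT\)\s*:\s*(0x[0-9a-fA-F]+|\d+)", sanitize_log_text)
    if not m:
        raise ValueError("no SSTAT field in sanitize-log output")
    return SSTAT.get(int(m.group(1), 0) & 0x7, "reserved")

# Constructed sample outputs (not captured from a real drive).
ID_CTRL_BOTH = "vid       : 0x1234\nsanicap   : 0x3\n"
ID_CTRL_OVERWRITE_ONLY = "vid       : 0x1234\nsanicap   : 0x4\n"
LOG_DONE = ("Sanitize Progress                      (SPROG) :  65535\n"
            "Sanitize Status                        (SSTAT) :  0x101\n")
LOG_FAILED = "Sanitize Status                        (SSTAT) :  0x3\n"

if __name__ == "__main__":
    print(purge_plan("/dev/nvmeX", ID_CTRL_BOTH))
    print(purge_plan("/dev/nvmeX", ID_CTRL_OVERWRITE_ONLY))
    print(sanitize_result(LOG_DONE), "/", sanitize_result(LOG_FAILED))
```

An empty plan, as for the overwrite-only sample, means the drive offers no Purge-level sanitize action and another Purge method or Destroy is needed.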

Destroy

Destroy renders the media physically unusable and data unrecoverable by any known method. Acceptable destruction methods include disintegration, incineration, shredding, and for magnetic media, degaussing (exposing the drive to a powerful magnetic field). For SSDs and flash media, physical destruction must address all memory chips on the device.

What this means for you: Reserve Destroy for classified or extremely sensitive data where the drive will never be reused. This is common in government and defense environments. It is also the only truly reliable option for drives that have failed or are no longer functional.

For the complete breakdown, see our NIST 800-88 detailed explainer.

DoD 5220.22-M: The Obsolete Standard Everyone Still References

The DoD 5220.22-M three-pass overwrite method is probably the most widely recognized data erasure standard by name — and it is also obsolete. Originally published as part of the National Industrial Security Program Operating Manual, this method specified three overwrite passes: a pass of zeros, a pass of ones, and a pass of random data, with verification after each.

Here is the critical fact many people miss: the Department of Defense itself no longer references DoD 5220.22-M for media sanitization. The DoD now defers to NIST 800-88 guidelines. The three-pass method was designed for older magnetic drive technology from the 1990s and early 2000s. Modern research has confirmed that a single overwrite pass renders data unrecoverable on current HDDs.

Despite this, many data erasure tools still list "DoD 5220.22-M" as an option because it remains a widely recognized name. Using it will not harm your data security — it simply takes three times longer than necessary for the same result on a modern hard drive.

What this means for you: If a client, auditor, or regulation specifically requires "DoD 5220.22-M," you can still run a three-pass overwrite using tools like KillDisk or BitRaser. But know that you are following an outdated standard. If you have flexibility, NIST 800-88 is the better reference. And if you are erasing SSDs, the DoD method is fundamentally inadequate — overwriting does not address wear-leveled areas on solid-state storage.

Bottom Line: Unless a specific contract or legacy regulation mandates DoD 5220.22-M by name, follow NIST 800-88 instead. It is more current, more flexible, and accounts for modern drive technology that did not exist when the DoD standard was written.

IEEE 2883: Built for Modern Storage

IEEE 2883, published in 2022 by the Institute of Electrical and Electronics Engineers, is the first data erasure standard designed from the ground up to address modern storage technologies. Where NIST 800-88 provides a broad framework, IEEE 2883 fills in the implementation details — specifying exactly how to sanitize SSDs, NVMe drives, eMMC, UFS, and other flash-based media.

IEEE 2883 adopts the same Clear/Purge/Destroy hierarchy as NIST 800-88 but provides technology-specific procedures for each level. For example, it details which NVMe Sanitize sub-commands qualify as Purge versus Clear, and it addresses the specific challenges of sanitizing self-encrypting drives (SEDs).

Key contributions of IEEE 2883 include:

  • Technology-specific procedures for SATA, SAS, NVMe, eMMC, UFS, and other interfaces
  • Verification methods tailored to each storage technology
  • Clear guidance on cryptographic erase — when it qualifies as Purge and what conditions must be met
  • Recognition that overwriting is insufficient for flash-based media at the Purge level

What this means for you: If you manage a fleet of modern devices — especially those with NVMe SSDs — IEEE 2883 gives you the most specific, actionable guidance available. Enterprise erasure tools like BitRaser are increasingly supporting IEEE 2883 compliance in their reporting. This standard is becoming a requirement in government and enterprise procurement specifications.

For the full breakdown, read our IEEE 2883 explainer.

The Gutmann Method: 35 Passes You Don't Need

The Gutmann method, proposed by Peter Gutmann and Colin Plumb in their 1996 paper "Secure Deletion of Data from Magnetic and Solid-State Memory," specifies 35 overwrite passes using specific data patterns. Each pattern was designed to target a particular magnetic encoding technology used in drives of that era — MFM (Modified Frequency Modulation) and RLL (Run-Length Limited).

Here is what most people do not realize: those encoding technologies have not been used in hard drives for decades. Modern drives use PRML (Partial Response, Maximum Likelihood) or similar advanced encoding where the specific Gutmann patterns have no special effect. Gutmann himself has publicly acknowledged this, stating that performing the full 35-pass overwrite on a modern drive is "a waste of time" and that a simple overwrite with random data is sufficient.

Despite this, the Gutmann method persists in many erasure tools as an option. Running it on a 2TB hard drive takes roughly 35 times longer than a single-pass overwrite — potentially days instead of hours — with no measurable improvement in data security.

What this means for you: Do not use the Gutmann method. It was designed for hardware that has not been manufactured in over 20 years. A single-pass overwrite meets NIST guidance for modern HDDs. For SSDs, no number of overwrite passes provides adequate sanitization — you need firmware-level commands. Your time is better spent verifying a single-pass overwrite completed successfully than running 34 additional passes.

HMG IS5: The UK Government Standard

HMG IS5 (Her Majesty's Government Infosec Standard 5) is the UK government's standard for secure data sanitization. It defines two levels:

HMG IS5 Baseline (1 Pass)

A single overwrite pass with zeros, followed by verification. Suitable for media that held data classified as OFFICIAL or below. This aligns with NIST 800-88 Clear.

HMG IS5 Enhanced (3 Passes)

Three overwrite passes — first with zeros, then with ones, then with random data — followed by verification. Required for media that held data classified as SECRET or above. This is similar in approach to the DoD 5220.22-M method.

What this means for you: HMG IS5 is primarily relevant if you work with UK government data or operate under UK public sector procurement requirements. If you are outside the UK, NIST 800-88 is the more universally accepted reference. Like other overwrite-based standards, HMG IS5 applies to traditional HDDs. For SSDs, the UK's National Cyber Security Centre (NCSC) recommends cryptographic erase or physical destruction.

Which Standard Should You Use?

Choosing the right erasure standard depends on three factors: the sensitivity of your data, any regulatory requirements that apply, and whether you need to reuse the drive.

For Personal Use (Home Users)

You are wiping a personal laptop or desktop before selling it, donating it, or recycling it. Your main concern is preventing the next owner from accessing your files, photos, passwords, and financial information.

Recommended: NIST 800-88 Clear (for HDDs) or NIST 800-88 Purge (for SSDs). A single-pass overwrite handles an HDD. For an SSD, use the manufacturer's secure erase tool or a utility like Parted Magic that can send firmware-level erase commands. See our complete guide to wiping a hard drive for step-by-step instructions.

For Business Use (Non-Regulated)

You are decommissioning office computers, returning leased equipment, or disposing of old servers. No specific regulatory framework applies, but you need to protect business data — customer records, financial data, proprietary information.

Recommended: NIST 800-88 Purge for all drives leaving your control. Use professional erasure software like BitRaser that generates certificates of erasure for your records. This protects your organization in the event of a future data breach claim.

For Regulated Industries (Healthcare, Finance, Government)

You are subject to HIPAA, GDPR, PCI DSS, SOX, CMMC, or similar regulations. Auditors may review your data destruction practices, and non-compliance carries penalties.

Recommended: NIST 800-88 Purge (minimum) with certified erasure reporting. Many regulations do not name a specific standard but require "reasonable" or "appropriate" measures with documentation. NIST 800-88 is the safest reference because it is recognized by virtually every regulatory body. For government contracts, check whether IEEE 2883 compliance is specified. Professional tools with audit-ready certificates are essential — compare your options in our software roundup.

For Classified or High-Security Data

You are handling classified government data, trade secrets, or information where any recovery risk is unacceptable regardless of cost.

Recommended: NIST 800-88 Destroy. Physical destruction — shredding, disintegration, or degaussing followed by physical destruction — is the only approach that eliminates all recovery risk. No software-based method can address data in damaged sectors, hidden areas, or controller-managed regions of SSDs with absolute certainty.

HDD vs. SSD: A Critical Distinction

The difference between erasing HDDs and SSDs cannot be overstated. Overwriting works reliably on HDDs because data is stored magnetically on platters that the drive head can access sequentially. SSDs store data on flash memory chips managed by a controller that uses wear leveling, garbage collection, and over-provisioning — techniques that mean overwriting what you think is the entire drive may leave data in areas the overwrite did not reach.

For a deeper look at these differences, read our article on SSD vs. HDD data erasure differences.

Recommended Tools by Standard

Not every erasure tool supports every standard. Here are the tools that align with each:

  • NIST 800-88 (all levels): BitRaser Drive Eraser — supports Clear and Purge with certificate generation. The most comprehensive option for compliance-driven erasure.
  • DoD 5220.22-M: KillDisk and DBAN — both support the three-pass DoD method. DBAN is free, limited to HDDs, and booted via USB.
  • IEEE 2883: BitRaser — one of the few tools currently reporting IEEE 2883 compliance in erasure certificates.
  • General-purpose secure erase: ShredOS/nwipe (free, open-source) and Parted Magic (low-cost, includes ATA Secure Erase support for SSDs).

For full reviews and comparisons, see our best data erasure software roundup.

Frequently Asked Questions

What is the most widely accepted data erasure standard?

NIST Special Publication 800-88 is the most widely accepted data erasure standard worldwide. Updated to Revision 2 in September 2025, it provides the framework that most regulatory bodies, government agencies, and enterprise organizations reference for media sanitization requirements.

Is the DoD 5220.22-M standard still valid?

No. The DoD 5220.22-M three-pass overwrite method is obsolete. The U.S. Department of Defense itself no longer references this standard for media sanitization. Organizations still using it are following outdated guidance. NIST 800-88 has replaced it as the recommended framework.

How many overwrite passes are needed to securely erase a hard drive?

For modern hard drives, a single overwrite pass is sufficient to render data unrecoverable according to NIST 800-88 guidelines. The idea that multiple passes are necessary is a legacy practice from older drive technology. However, SSDs require different approaches entirely — firmware-level commands rather than overwriting.

What is the difference between Clear, Purge, and Destroy in NIST 800-88?

Clear protects against simple data recovery using standard software tools. Purge protects against laboratory-level recovery attempts using specialized equipment. Destroy renders the media physically unusable. The right level depends on the sensitivity of your data and whether you plan to reuse the drive.

Which data erasure standard should I use for SSDs?

For SSDs, use NIST 800-88 Purge-level sanitization or follow IEEE 2883, which was specifically designed to address modern storage technologies. Both standards recognize that simple overwriting is insufficient for SSDs due to wear leveling and over-provisioning. Firmware-level commands like ATA Secure Erase, NVMe Sanitize, or cryptographic erase are required.

Do I need a data erasure certificate?

A certificate of data erasure is strongly recommended for regulatory compliance (HIPAA, GDPR, PCI DSS, SOX) and as proof of due diligence. Many professional-grade erasure tools like BitRaser generate certificates automatically. Even if not legally required in your situation, certificates provide documentation that protects you in the event of an audit or data breach investigation.

What is the Gutmann method and is it still necessary?

The Gutmann method is a 35-pass overwrite technique proposed by Peter Gutmann in 1996. It was designed for older encoding technologies like MFM and RLL drives that no longer exist in modern hardware. Gutmann himself has acknowledged that a single overwrite is sufficient for current drives. The method is unnecessary and wastes significant time on modern storage.

Is formatting the same as data erasure?

No. Formatting — whether quick format or full format — does not securely erase data. A quick format only removes the file system index, leaving all data intact on the drive. Even a full format in modern Windows only writes zeros to accessible areas and does not meet any recognized data erasure standard. Proper data erasure requires dedicated software or firmware-level commands.

What is IEEE 2883 and why does it matter?

IEEE 2883, published in 2022, is the first data erasure standard built specifically for modern storage technologies including SSDs, NVMe drives, and flash-based media. It fills gaps left by NIST 800-88 by providing detailed, technology-specific sanitization procedures. It is increasingly referenced in enterprise and government procurement requirements.

Which data erasure standard does GDPR require?

GDPR does not mandate a specific data erasure standard. Instead, it requires organizations to erase personal data when requested (the right to erasure) using methods appropriate to the data sensitivity. In practice, most European organizations follow NIST 800-88 or HMG IS5 (in the UK). Documented, verifiable erasure using any recognized standard will satisfy regulatory requirements.

The Bottom Line

NIST 800-88 Rev. 2 is the standard most organizations should follow. It is current, globally recognized, and accepted by virtually every regulatory framework. For HDDs, a verified single-pass overwrite meets the Clear level. For SSDs, use firmware-level Purge commands. Skip the outdated DoD and Gutmann methods. Choose your erasure software based on the standard your situation requires, and always keep certificates as proof.


Last updated: February 2026. We regularly review and update our guides to ensure accuracy.
