If you have ever shopped for data erasure software, you have almost certainly seen "DoD 5220.22-M" listed as a wiping method. It sounds authoritative — a data destruction standard from the United States Department of Defense. The problem is that the DoD itself no longer uses it. The standard has been obsolete for years, replaced by NIST 800-88 as the federal government's go-to guidance for media sanitization. Yet it continues to appear on product feature lists and in IT procedures across thousands of organizations. Here is what DoD 5220.22-M actually was, why it no longer applies, and what you should use instead.
Key Takeaways:
- DoD 5220.22-M is obsolete — the Department of Defense no longer references it for data sanitization
- The NISPOM, which contained the DoD 5220.22-M sanitization procedures, was replaced by 32 CFR Part 117 in 2021
- A single overwrite pass is sufficient for modern HDDs according to NIST research and independent studies
- Software vendors still list DoD 5220.22-M because of name recognition, not because it is best practice
- NIST 800-88 Rev. 2 (September 2025) is the standard you should actually follow
What Was DoD 5220.22-M?
DoD 5220.22-M was the document identifier for the National Industrial Security Program Operating Manual, commonly known as the NISPOM. Published by the Department of Defense in 1995, NISPOM governed how defense contractors handled classified information — covering everything from physical security to personnel clearances to, yes, how to sanitize storage media before disposal or reuse.
The data sanitization procedures lived in a clearing and sanitization matrix within the document. This matrix specified overwrite patterns for different types of magnetic media. Over time, the overwriting procedures were extracted from the broader document and took on a life of their own in the data erasure industry. "DoD 5220.22-M" became shorthand for a specific multi-pass overwrite method, even though the original document covered far more than just wiping drives.
The critical detail that most people miss: the NISPOM itself was never just a data erasure standard. It was a comprehensive security manual. The data wiping component was one small piece of a much larger framework. And when that framework was updated, the wiping procedures went with it.
In February 2021, the NISPOM was codified into federal regulation as 32 CFR Part 117. This new version no longer contains the old sanitization matrix with specific overwrite patterns. Instead, the Defense Counterintelligence and Security Agency (DCSA) — the body responsible for the national industrial security program — directs organizations to follow NIST SP 800-88 for media sanitization.
The 3-Pass and 7-Pass Methods
When people reference "DoD 5220.22-M," they are typically talking about one of two overwrite procedures that were derived from the original NISPOM sanitization matrix.
The 3-Pass Method (DoD 5220.22-M Standard)
The three-pass method works as follows:
- Pass 1: Write a specific character (e.g., binary zeros) to every addressable location on the drive. Verify the write.
- Pass 2: Write the complement of that character (e.g., binary ones) to every addressable location. Verify the write.
- Pass 3: Write a random character to every addressable location. Verify the write.
The logic behind the three passes was layered defense. The first pass overwrites all existing data. The second pass, using the complement, was intended to eliminate any residual magnetic trace of the original data by ensuring that every bit had been both set and cleared at least once. The third pass added randomness to prevent pattern analysis. Verification after each pass confirmed that the write operation completed successfully across the entire drive surface.
On a modern hard drive, a 3-pass overwrite takes roughly three times longer than a single-pass overwrite. For a 1 TB HDD, that can mean the difference between approximately 2–3 hours and 6–9 hours.
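The pass structure described above, as an added example that is not code from any erasure product: it runs a single verified pass and the three-pass sequence against identical constructed images and reports bytes written and whether the original content survives. A temporary file stands in for the drive, and the names `SINGLE_PASS`, `DOD_3_PASS` and `compare_plans` are hypothetical.

```python
import hashlib
import os
import tempfile

CHUNK = 64 * 1024  # write granularity for this demo
SINGLE_PASS = ("char",)                        # one verified pass
DOD_3_PASS = ("char", "complement", "random")  # the three passes listed above

def pass_chunks(kind, total, fill=0x00):
    """Yield the bytes for one pass: a fixed character, its complement, or random."""
    patterns = {"char": bytes([fill]), "complement": bytes([fill ^ 0xFF])}
    if kind not in patterns and kind != "random":
        raise ValueError(f"unknown pass kind: {kind}")
    while total > 0:
        n = min(CHUNK, total)
        yield os.urandom(n) if kind == "random" else patterns[kind] * n
        total -= n

def overwrite_pass(path, kind):
    """Overwrite every byte of the image once, then read it back and compare digests."""
    size = os.path.getsize(path)
    written, readback = hashlib.sha256(), hashlib.sha256()
    with open(path, "r+b") as img:
        for chunk in pass_chunks(kind, size):
            img.write(chunk)
            written.update(chunk)
        img.flush()
        os.fsync(img.fileno())
        # A real tool must read back from the device itself (bypassing the
        # page cache); this demo only shows the write-then-verify structure.
        img.seek(0)
        for block in iter(lambda: img.read(CHUNK), b""):
            readback.update(block)
    if written.digest() != readback.digest():
        raise OSError(f"verification failed after {kind} pass")
    return size

def sanitize(path, plan):
    """Run each pass in the plan in order; return total bytes written."""
    return sum(overwrite_pass(path, kind) for kind in plan)

def compare_plans(marker=b"CONSTRUCTED-SECRET-0001", copies=10_000):
    """Wipe two identical constructed images; report (bytes written, marker left?)."""
    results = {}
    for name, plan in (("single", SINGLE_PASS), ("dod3", DOD_3_PASS)):
        with tempfile.NamedTemporaryFile(delete=False) as tmp:
            tmp.write(marker * copies)  # constructed "sensitive" content
        try:
            written = sanitize(tmp.name, plan)
            with open(tmp.name, "rb") as img:
                results[name] = (written, marker in img.read())
        finally:
            os.unlink(tmp.name)
    return results

if __name__ == "__main__":
    for name, (written, leftover) in compare_plans().items():
        print(f"{name}: bytes written={written}, marker still present={leftover}")
```

Both plans leave no trace of the marker in the addressable image; the three-pass plan simply writes three times as many bytes to get there.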
The 7-Pass Method (DoD 5220.22-M ECE)
The seven-pass variant, sometimes called "DoD 5220.22-M ECE" (though this specific designation is not formally defined in the original NISPOM), extends the process:
- Pass 1: Write a specific character. Verify.
- Pass 2: Write the complement. Verify.
- Pass 3: Write a random character. Verify.
- Pass 4: Write a specific character. Verify.
- Pass 5: Write the complement. Verify.
- Pass 6: Write a specific character. Verify.
- Pass 7: Write a random character. Verify.
This method essentially runs the character/complement pattern multiple times before the final random pass. On a 1 TB HDD, a 7-pass overwrite can take 14–21 hours or more. For a 4 TB drive, you could be looking at multiple days.
The 7-pass method was sometimes referenced for higher-classification data, though the exact circumstances requiring seven passes versus three were subject to interpretation. In practice, many organizations defaulted to the 7-pass method "just to be safe" — an approach that consumed enormous amounts of time without meaningfully improving security.
Bottom Line: Both the 3-pass and 7-pass DoD methods are obsolete. The Department of Defense itself abandoned them. A single overwrite pass is sufficient for modern HDDs, and neither method works reliably on SSDs. Follow NIST 800-88 instead.
Why It's Obsolete
DoD 5220.22-M became obsolete for three converging reasons: the underlying technology changed, the science caught up, and the regulatory framework moved on.
Modern Drives Eliminated the Original Threat
The multi-pass approach was rooted in concerns about residual magnetic signatures — the idea that after data was overwritten on a hard drive, faint traces of the previous data might persist in the analog magnetic signal and could be recovered using specialized equipment like magnetic force microscopy (MFM).
This concern was somewhat valid for hard drives manufactured in the 1980s and early 1990s. Those drives had relatively low areal densities, meaning each data bit occupied a comparatively large physical area on the platter. The larger magnetic footprint made residual signals theoretically detectable.
Modern hard drives have areal densities hundreds of times greater than those early drives. The bits are packed so tightly that the magnetic domains are at or near the superparamagnetic limit. After a single overwrite, any residual signal from the original data is buried so deep in noise that recovery is not feasible with any known technique. Peer-reviewed research — including the Wright, Kleiman, and Sundhar study at ICISS 2008 — has confirmed this repeatedly. No laboratory has publicly demonstrated recovery of meaningful data from a modern HDD after a single full overwrite.
The Research Is Conclusive
NIST reviewed decades of data recovery research before publishing SP 800-88. Their conclusion: a single overwrite pass renders data on modern magnetic media unrecoverable even when state-of-the-art laboratory techniques are applied. This is not a minority position — it is the scientific consensus.
The multi-pass overwrite provided peace of mind, but not additional security. Running three or seven passes over a modern hard drive is the data sanitization equivalent of locking a door that is already locked: it takes extra time and effort, but the outcome is the same.
SSDs Changed Everything
Perhaps the most important reason DoD 5220.22-M is obsolete: it was designed exclusively for magnetic media. Solid-state drives use fundamentally different storage technology, and overwrite-based methods do not work reliably on them.
SSDs employ wear leveling, which distributes writes across flash cells to extend drive life. When you overwrite a file, the SSD controller may write the new data to a completely different physical location, leaving the original data intact in a cell that the operating system cannot directly address. SSDs also reserve over-provisioned space — hidden capacity used for performance optimization and bad-block management — that overwrite operations cannot reach.
Applying DoD 5220.22-M to an SSD gives you the worst of both worlds: the drive wears through extra write cycles, reducing its lifespan, while data potentially remains in unreachable areas. SSDs require firmware-level sanitization commands — ATA Secure Erase, NVMe Sanitize (Block Erase or Crypto Erase), or NVMe Format — to properly destroy all stored data.
The Regulatory Framework Moved On
In February 2021, 32 CFR Part 117 replaced the original NISPOM. The new regulation does not include the old sanitization matrix. DCSA now directs cleared contractors and facilities to follow NIST SP 800-88 for all media sanitization activities. The DoD itself has formally walked away from DoD 5220.22-M as a data erasure standard.
This matters beyond just defense contractors. When the entity that created a standard no longer endorses it, continuing to follow it is not "being thorough" — it is using outdated procedures.
Why Software Still Lists It
If DoD 5220.22-M is obsolete, why does virtually every data erasure tool still feature it prominently? The answer is market demand driven by brand recognition.
Name Recognition Sells
"Department of Defense" carries weight. When a consumer or IT professional sees that a product supports "DoD 5220.22-M wiping," it sounds more authoritative than "NIST 800-88 Clear." The DoD label implies a higher level of security — the kind of thing the military uses — even though the military no longer uses it. Software vendors know this, and removing the option could cost them sales.
Contracts and Policies Have Not Caught Up
Thousands of organizations have internal data destruction policies that specifically reference DoD 5220.22-M. Many government contracts written before 2021 still name the standard explicitly. Even when the policy authors know the standard is outdated, updating policies requires approvals, reviews, and sign-offs that can take months or years. In the meantime, IT staff need to check the box, and software that supports the named standard makes that possible.
Competitors List It
If every competing product lists DoD 5220.22-M support and yours does not, you appear to have fewer features — even if the missing "feature" is an obsolete procedure. This creates a race-to-the-bottom dynamic where no vendor wants to be first to drop it.
It Does Not Hurt (On HDDs)
Running a DoD 5220.22-M 3-pass overwrite on an HDD will erase your data. It is simply overkill. One pass would accomplish the same result in one-third the time. So while listing the standard as an option is misleading from a "best practice" perspective, the actual erasure still works on magnetic media. This makes it a low-risk feature for vendors to keep: it does not harm anything (except your time), and it makes customers feel more secure.
What Replaced It: NIST 800-88
NIST Special Publication 800-88, titled "Guidelines for Media Sanitization," is the standard that the DoD, federal government, and most regulatory frameworks now reference. Originally published in 2006 and most recently updated to Rev. 2 in September 2025, it takes a fundamentally different approach than the old DoD method.
Instead of prescribing a fixed number of overwrite passes, NIST 800-88 defines three sanitization levels based on the security risk:
- Clear: Protects against recovery using standard data recovery tools. A single overwrite pass with verification meets this level for HDDs. Appropriate for drives staying within your organization.
- Purge: Protects against laboratory-level recovery attempts. For HDDs, this can be a single overwrite pass or firmware-level Secure Erase. For SSDs, firmware-level commands are required — overwriting alone does not qualify. Appropriate for drives leaving your control.
- Destroy: Physical destruction of the media (shredding, disintegrating, melting, incinerating). Appropriate for the highest-sensitivity data or end-of-life media that will not be reused.
This risk-based approach is more practical and more secure than the old fixed-pass model. It acknowledges that a laptop being reassigned within a company does not need the same sanitization treatment as a server storing classified data being sent to a recycler. And it provides specific guidance for modern storage technologies that DoD 5220.22-M never addressed.
What This Means for You
Whether you are an individual wiping a personal drive or an IT manager overseeing data destruction for a regulated organization, here is what you need to know in practice.
For Individuals
If you are wiping a hard drive before selling, donating, or recycling a computer, you do not need DoD 5220.22-M. A single-pass overwrite using a free tool like DBAN or ShredOS is sufficient for any HDD. For SSDs, use your manufacturer's secure erase utility or a tool that can issue firmware-level commands.
If you see DoD 5220.22-M as an option in your erasure software, there is no harm in selecting it for an HDD — it will work. But you will wait three to seven times longer for the same result you would get from a single pass. Choose "NIST 800-88 Clear" or a single-pass zero-fill instead.
For IT Professionals and Businesses
Update your data destruction policies to reference NIST 800-88 Rev. 2 instead of DoD 5220.22-M. If your organization processes drives at volume, the time savings from switching to single-pass overwriting can be significant — a fleet of 100 drives wiped with a 3-pass method takes three times longer than with a single pass, tying up equipment and staff.
Use professional erasure tools like BitRaser or KillDisk that provide certified erasure reports documenting the method used, verification results, drive serial numbers, and timestamps. These reports satisfy audit requirements for HIPAA, GDPR, PCI DSS, and other regulatory frameworks.
For SSDs, ensure your process uses firmware-level sanitization commands rather than software overwriting. This is a requirement at the NIST 800-88 Purge level.
For Compliance Officers
If your organization's data destruction policy still references DoD 5220.22-M, it needs updating. While an auditor is unlikely to penalize you for using an overwrite method that still erases data on HDDs, an outdated policy raises questions about whether your organization is keeping current with security best practices. More critically, if your policy applies DoD 5220.22-M to SSDs, it is leaving data at risk because the method does not work reliably on solid-state storage.
Reference NIST 800-88 Rev. 2. It is the current authoritative standard, it addresses all modern media types, and it is what DCSA and the federal government follow.
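One way to check erasure records against the points above, as an added example that is not the output format or code of any erasure tool: it audits a constructed CSV export for overwrite methods applied to SSDs, missing or failed verification, missing serial numbers or timestamps, and obsolete multi-pass methods on HDDs. The column names and method labels are assumptions made for this example.

```python
import csv
import io

# Constructed sample export; column names and method labels are assumptions
# for this example, not the report format of any particular product.
SAMPLE_REPORT = """serial,media,method,verified,timestamp
WD-CONSTRUCTED-001,HDD,single-pass-zero,pass,2026-01-12T09:14:00Z
WD-CONSTRUCTED-002,HDD,dod-5220.22-m-3pass,pass,2026-01-12T11:40:00Z
SSD-CONSTRUCTED-003,SSD,dod-5220.22-m-3pass,pass,2026-01-12T12:05:00Z
NVME-CONSTRUCTED-004,SSD,nvme-sanitize-crypto-erase,pass,2026-01-13T08:30:00Z
WD-CONSTRUCTED-005,HDD,single-pass-zero,,2026-01-13T10:02:00Z
,SSD,ata-secure-erase,pass,
"""

OVERWRITE = {"single-pass-zero", "dod-5220.22-m-3pass", "dod-5220.22-m-7pass"}
FIRMWARE = {"ata-secure-erase", "nvme-sanitize-block-erase",
            "nvme-sanitize-crypto-erase", "nvme-format"}
REQUIRED = ("serial", "method", "verified", "timestamp")

def audit_row(row):
    """Return a list of (severity, message) findings for one erasure record."""
    field = lambda name: (row.get(name) or "").strip()
    media, method = field("media").upper(), field("method").lower()
    verified = field("verified").lower()
    findings = [("ERROR", f"missing {name}") for name in REQUIRED if not field(name)]
    if verified and verified != "pass":
        findings.append(("ERROR", f"verification result is '{verified}'"))
    if media == "SSD" and method in OVERWRITE:
        findings.append(("ERROR", "overwrite method used on SSD; "
                                  "firmware-level sanitization required"))
    if media == "HDD" and method.startswith("dod-5220.22-m"):
        findings.append(("WARN", "obsolete multi-pass method; "
                                 "a single verified pass is sufficient"))
    if method and method not in OVERWRITE | FIRMWARE:
        findings.append(("WARN", f"unrecognized method '{method}'"))
    return findings

def audit(report_text):
    """Map CSV line number -> findings, for records that have any."""
    report = {}
    rows = csv.DictReader(io.StringIO(report_text))
    for lineno, row in enumerate(rows, start=2):  # line 1 is the header
        findings = audit_row(row)
        if findings:
            report[lineno] = findings
    return report

if __name__ == "__main__":
    for lineno, findings in audit(SAMPLE_REPORT).items():
        for severity, message in findings:
            print(f"line {lineno}: {severity}: {message}")
```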
Frequently Asked Questions
Is DoD 5220.22-M still a valid data erasure standard?
No. The U.S. Department of Defense no longer references DoD 5220.22-M for data sanitization. The NISPOM was replaced by 32 CFR Part 117 in February 2021, and the Defense Counterintelligence and Security Agency now directs organizations to follow NIST SP 800-88 for all media sanitization activities.
What is the difference between the 3-pass and 7-pass DoD wipe methods?
The 3-pass method writes a character, its complement, and a random character across the drive, with verification after each pass. The 7-pass method repeats the character/complement pattern additional times before the final random pass. Both are unnecessary for modern drives — a single pass achieves the same result.
Why do software tools still offer DoD 5220.22-M if it is obsolete?
Brand recognition and market demand. The "Department of Defense" name sounds authoritative to buyers, thousands of legacy policies still reference the standard, and no vendor wants to appear to have fewer features than competitors. The method still works on HDDs — it is just slower than necessary.
Can data be recovered after a DoD 5220.22-M wipe?
No. Data cannot be recovered after a proper DoD 5220.22-M overwrite on an HDD. But the same is true after a single-pass overwrite. The additional passes do not provide extra protection on modern drives. The real risk is applying this method to an SSD, where overwriting alone may not reach all stored data.
Does DoD 5220.22-M work on SSDs?
No. DoD 5220.22-M was designed for magnetic hard drives. SSDs use wear leveling and over-provisioning that prevent software-based overwriting from reaching all data. Applying this method to an SSD wastes write cycles, shortens the drive's lifespan, and may leave data intact in areas the overwrite cannot address.
How many overwrite passes do I actually need for an HDD?
One. NIST 800-88 and independent research confirm that a single full overwrite pass renders data on modern HDDs unrecoverable using any known technology. The multi-pass approach was designed for older drives with lower areal densities and is unnecessary for any drive manufactured in the last two decades.
What should I use instead of DoD 5220.22-M?
Follow NIST SP 800-88 Rev. 2. For HDDs, a single-pass overwrite with verification (Clear level) is sufficient for most use cases. For SSDs, use firmware-level commands — ATA Secure Erase, NVMe Sanitize, or crypto erase — at the Purge level. Use professional tools that provide erasure certificates for compliance documentation.
Is DoD 5220.22-M required for government contracts?
Not in newly issued contracts. DCSA now references NIST 800-88 for media sanitization. However, older contracts may still name DoD 5220.22-M explicitly. If your contract specifies it, comply with the contract terms while discussing an update with your contracting officer. In most cases, NIST 800-88 will be accepted as a superior replacement.
Will auditors accept a single-pass wipe instead of DoD 5220.22-M?
Yes, provided you can demonstrate that your single-pass overwrite follows NIST 800-88 guidelines and includes verification. Professional erasure tools that generate certified reports documenting the method, results, and drive details will satisfy auditors. The key is having verifiable documentation, not a higher pass count.
What is 32 CFR Part 117?
32 CFR Part 117 is the federal regulation that replaced the original NISPOM (DoD 5220.22-M). Published in February 2021, it governs the National Industrial Security Program and covers how cleared contractors handle classified information. For media sanitization, it defers to NIST SP 800-88 rather than prescribing specific overwrite patterns.
The Bottom Line
DoD 5220.22-M is a relic of 1990s drive technology that persists through name recognition alone. The Department of Defense abandoned it. Modern research confirms that a single overwrite pass provides the same protection as three or seven passes. If your data destruction policy still references DoD 5220.22-M, update it to NIST 800-88 Rev. 2 — the standard that actually reflects how storage technology works today.
Last updated: February 2026.
Sources:
- NIST Special Publication 800-88 Rev. 2, Guidelines for Media Sanitization. https://csrc.nist.gov/publications/detail/sp/800-88/rev-2/final
- 32 CFR Part 117, National Industrial Security Program Operating Manual (NISPOM). https://www.ecfr.gov/current/title-32/subtitle-A/chapter-I/subchapter-D/part-117
- Defense Counterintelligence and Security Agency (DCSA), Industrial Security. https://www.dcsa.mil/Industrial-Security/
- Wright, Kleiman, Sundhar. "Overwriting Hard Drive Data: The Great Wiping Controversy." ICISS 2008. https://link.springer.com/chapter/10.1007/978-3-540-89862-7_21