SUMMARY: DoD 5220.22-M remains one of the most widely recognized standards for securely overwriting sensitive data. This guide explains how the DoD 3-pass and 7-pass wiping methods work, when they are required and why they still matter for compliance driven organizations. You’ll also learn how to apply DoD 5220.22-M in practice using tools such as BCWipe and BCWipe Total WipeOut to achieve reliable, verifiable data sanitization.
DoD 5220.22-M Data Erasure Standard
DoD 5220.22-M is one of the most recognizable and longest standing data erasure standards.
In this blog, you will find out everything you need to know about DoD 5220.22-M, including why you should use this particular wiping standard and how it can be implemented to erase hard drives or selected files.
What Is the DoD 5220.22-M Wiping Standard?
DoD 5220.22-M is a widely used data erasure standard. In the media sanitization industry, a number of data erasure standards have been established over the last few decades to ensure wiping practices are secure and compliant with data protection regulations. These standards specify the overwrite patterns and paths that have been set by government agencies and organizations around the world.
The DoD 5220.22-M standard involves overwriting the previously stored data on drives with binary patterns of zeroes and ones. The process requires 3 secure overwriting passes.
The DoD 5220.22-M standard is most commonly known in this form:
- Pass 1: Overwrite all addressable locations with binary zeroes
- Pass 2: Overwrite all addressable locations with binary ones
- Pass 3: Overwrite all addressable locations with a random bit pattern
The third overwrite pass is then verified by the wiping standard
In 2001, the U.S. Department of Defense (DoD) published theDoD 5220.22-M ECE method, which is a 7-pass version of the original standard that is executed in the following way:
- Pass 1: Overwrite all addressable locations with binary zeroes
- Pass 2: Overwrite all addressable locations with binary ones
- Pass 3: Overwrite all addressable locations with a random bit pattern
- Pass 4: Overwrite all addressable locations with binary zeroes
- Pass 5: Overwrite all addressable locations with binary zeroes
- Pass 6: Overwrite all addressable locations with binary ones
- Pass 7: Overwrite all addressable locations with a random bit pattern
However, the older 3-pass method is the one most commonly used today and is often regarded as an industry-standard in the United States.
When Was DoD 5220.22-M Introduced?
DoD 5220.22-M is a data erasure standard that was published by the DoD in 1995 for institutions that require high levels of security, such as the Pentagon. At the time it was issued, the standard was regarded as a benchmark for secure data erasure.
Why Organizations Still Use DoD 5220.22-M Today
In case you’re feeling unsure, here’s 3 reasons why you should use the DoD standard:
DoD 5220.22-M as an Industry Standard
Despite the original version of the DoD 5220.22-M algorithm being almost 30 years old, it is still widely viewed as an industry standard for media sanitization. It may not be as comprehensive as some of the more advanced wiping schemes, but the DoD method has the advantage of taking considerably less time to finish running on your system than the likes of the Gutmann standard.
Verification & Data Recovery Prevention
Another benefit of the DoD 5220.22-M standard is the fact that it performs a verification at the end of every pass, which helps to ensure that data is overwritten correctly and securely. The DoD method also uses random characters to overwrite storage locations, which reduces the chance of data recovery.
Compliance & Regulatory Requirements
Most importantly, many government agencies and private organizations require the implementation of DoD 5220.22-M as part of their data erasure practice.
How to Implement the DoD 5220.22-M Standard with BCWipe
All trusted data erasure solutions should allow you to implement the DoD 5220.22-M standard. For example, Jetico offers 2 tools:
- BCWipe Total WipeOut for securely wiping hard drives before reuse, repurposing or disposal
- BCWipe for wiping selected files and folders beyond forensic recovery, such as cleaning up classified data spills or securely destroying Controlled Unclassified Information (CUI)
Both solutions support the 3-pass DoD standard and the 7-pass DoD 5220.22-M ECE method.
Other wiping schemes supported by BCWipe include the U.S. DoE M 205.1-2 standard and the NIST 800-88-1, 800-88-2 & 800-88-3 standards. See a full list of supported wiping schemes.
Get started with the DoD 5220-22-M standard by requesting a free trial of BCWipe.
Frequently Asked Questions (FAQs)
DoD 5220.22-M is used to securely erase data from storage media by overwriting existing information with defined bit patterns. Its purpose is to make previously stored data unrecoverable, even with forensic tools. The standard is commonly applied when retiring, reusing or disposing of storage devices.
Yes. Although it was introduced in 1995, the 3-pass DoD 5220.22-M method is still widely accepted, particularly in the United States. Many organizations continue to rely on it because it provides a strong balance between security, verification and execution time.
You should use DoD 5220.22-M when compliance requirements or internal policies explicitly reference it, or when a proven and well understood wiping method is required. It is often selected over more complex standards when faster, verifiable data erasure is needed without unnecessary overhead.
Yes, but this depends on how the wiping tool is implemented. Full drive wiping is typically used before device disposal or redeployment, while file level wiping is suitable for securely deleting sensitive files without affecting the rest of the system.
Verification is a key part of DoD 5220.22-M compliance. Organizations should use wiping tools that generate detailed erasure reports or certificates confirming the method used, the number of passes completed and the target device. These records support audits and demonstrate that data was erased according to policy.
Related Articles
Hardware Decommissioning Process: A 5-Step Checklist
Data Sanitization 5 Common Myths
CMMC 2.0 Levels, Controls & Framework for Media Sanitization Requirements
NIST SP 800-88 Guidelines for Media Sanitization Explained
IEEE 2883-2022 Standard for Sanitizing Storage
IRS Publication 4812 & How to Comply with Wiping Standards
How to Securely Wipe Your Windows 11 Computer Clean
The Ultimate Guide to Deleting Files Permanently
How to Obtain a Certificate of Destruction