Making Sense of Data Overwriting Standards
Organisations looking to implement data destruction processes quickly encounter a confusing landscape of overwriting standards, each with different names, different numbers of passes, and different levels of recognition. The DoD 5220.22-M, NIST 800-88, Gutmann method, HMG IS5, and various national standards all prescribe different approaches to overwriting data on storage media.
Understanding what each standard actually requires, how they compare, and which ones are still relevant helps organisations make informed decisions about their data destruction practices.
DoD 5220.22-M
The U.S. Department of Defense's 5220.22-M is perhaps the most widely cited overwriting standard, and also one of the most misunderstood. The document itself is the National Industrial Security Program Operating Manual (NISPOM), a contractor security manual rather than a technical specification. The overwriting procedure attributed to it came from the Defense Security Service clearing and sanitisation matrix that accompanied the manual: write a character (pass 1), write the complement of that character (pass 2), then write a random character and verify the result (pass 3).
Some tools also offer a seven-pass variant, often labelled "5220.22-M ECE", but this was never part of the original specification. The three-pass method became the de facto benchmark for data sanitisation in the 1990s and 2000s, and many wiping tools still offer it as an option.
However, the DoD has moved away from overwriting as a primary sanitisation method. The NISPOM no longer prescribes an overwrite pattern at all, and current DoD guidance defers to NIST SP 800-88 for media sanitisation. The three-pass method survives as a menu option in many wiping tools, but selecting it does not make a wipe "DoD compliant" in any current sense, and it should not be treated as current guidance.
NIST 800-88
The National Institute of Standards and Technology's Special Publication 800-88, "Guidelines for Media Sanitization," is the most widely referenced sanitisation standard and the one that most other national guidance now points to. First published in 2006 and revised as Revision 1 in December 2014, it is a decision framework rather than a list of overwrite patterns, and it goes well beyond simple overwriting.
NIST 800-88 defines three sanitisation levels. Clear applies logical techniques, normally a single overwrite pass issued through the drive's ordinary read and write commands, to all user-addressable storage; it defeats simple non-invasive recovery (undelete tools, file carving) but not laboratory techniques, and it cannot reach sectors the drive has remapped or reserved. Purge makes recovery infeasible even with state-of-the-art laboratory methods, using firmware-level commands such as ATA Secure Erase, ATA Sanitize and NVMe Sanitize, cryptographic erase on self-encrypting drives, or degaussing for magnetic media. Destroy renders the media physically unusable through shredding, disintegration, pulverising, incineration or melting. At every level the standard expects the result to be verified and the sanitisation to be documented.
The key contribution of NIST 800-88 is its decision flow, which selects the sanitisation level from the data's confidentiality categorisation, whether the media will leave organisational control, and whether it will be reused. It also acknowledges that flash-based media (SSDs, USB sticks, memory cards) require different techniques than traditional magnetic media, and its appendix lists the acceptable methods for each level per media type.
Gutmann Method (35-Pass)
Peter Gutmann's 1996 paper, "Secure Deletion of Data from Magnetic and Solid-State Memory," proposed a 35-pass overwriting method designed to defeat magnetic force microscopy attacks on hard drives of that era. Twenty-seven of the passes write patterns chosen to flip every bit under the MFM and RLL encoding schemes used by drives of the 1990s; the remaining eight passes write random data. Because the encoding of a given drive is usually unknown, the full sequence was a catch-all that covered every encoding at once.
Gutmann himself has since clarified that running all 35 passes on any particular drive was pointless even when the paper was published, because only the passes matching that drive's encoding do anything, and that those encodings have not been manufactured for many years. For modern drives, he has stated that a few passes of random data are the most that can usefully be done.
Despite this, the Gutmann method persists in many wiping tools and is sometimes cited in organisational policies. There is no technical justification for using 35 passes on modern drives: it multiplies the wipe time of a multi-terabyte drive from hours into days without providing meaningful additional security over a single verified pass.
HMG IS5 (United Kingdom)
The UK government's HMG Infosec Standard 5 (IS5) defines two levels of overwriting. The baseline level requires a single pass of zeros or random data. The enhanced level requires three passes: a pass of zeros, a pass of ones, and a pass of random data with verification. IS5 itself has since been withdrawn, and the NCSC's "Secure sanitisation of storage media" guidance is the current UK reference, but tools and contracts still name the IS5 levels.
HMG IS5 is primarily used within UK government contexts and by organisations that work with UK government data. For Australian organisations, it is most relevant when dealing with UK clients or complying with UK-specific contractual requirements.
BSI-GS (Germany)
Germany’s Federal Office for Information Security (BSI) published guidelines that recommend a single-pass overwrite with random data for media that will be reused, and physical destruction for media containing data classified as VS-VERTRAULICH (CONFIDENTIAL) or higher. The BSI guidelines align closely with the NIST 800-88 approach of matching the sanitisation method to the data’s sensitivity level.
RCMP TSSIT OPS-II (Canada)
The Royal Canadian Mounted Police Technical Security Standard for Information Technology, Appendix OPS-II, specified a seven-pass overwriting method: six passes alternating between zeros and ones, followed by a final pass of random data and verification. Like the DoD standard, it has been superseded; the Communications Security Establishment's ITSG-06 replaced it, and current Canadian guidance aligns with NIST 800-88.
IEEE 2883
IEEE Std 2883, "Standard for Sanitizing Storage," was published in 2022 as a modern update to data sanitisation guidance, written specifically for current storage technologies including SATA and SAS SSDs, NVMe drives and other flash-based media. It defines Clear, Purge and Destruct categories that parallel NIST 800-88, but with updated technical methods per interface and media type.
IEEE 2883 is gaining recognition as a complement to NIST 800-88, particularly for organisations that need the most current guidance on solid-state media sanitisation.
How Many Passes Do You Actually Need?
For modern magnetic hard drives, research consistently shows that a single complete overwrite is sufficient to prevent data recovery; the 2008 study by Wright, Kleiman and Sundhar found that even a single overwritten bit could not be reliably recovered from a modern drive. The high areal density of modern drives means that the residual magnetic signal after a single overwrite is too weak to be meaningfully recovered, even with advanced forensic techniques. What does matter is coverage and verification: the pass must cover the whole addressable space, including any Host Protected Area or DCO-hidden region that the operating system does not expose, and it should be read back afterwards. Sectors the drive has already remapped are unreachable by host writes regardless of the pass count, which is why ATA Secure Erase, executed by the drive's own firmware, is the preferred Purge method even for magnetic media.
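The single verified pass this section recommends, as an added example that is not code from the page: a Python script that streams a pseudo-random pattern over the whole target and then reads every byte back to confirm it. The pattern is a keystream derived from a random 32-byte seed, so verification re-derives the stream instead of keeping a copy of it; the seed needs no secrecy, it only stops the pattern being a fixed constant. The path, chunk size and seed derivation are my own choices. Run against a real drive it needs root, should be given the whole-disk device rather than a partition, and applies to magnetic media only.

```python
"""Single-pass overwrite with full read-back verification.

Added example, not code from the page.  The wipe pattern is a keystream
derived from a random 32-byte seed (SHAKE-256 over seed || chunk index), so
verification re-derives the stream instead of storing a copy of it.  `path`
may be a regular file (as in the demo) or a block device such as /dev/sdX
opened as root; the target length is found by seeking to its end, which
works for both.
"""
import hashlib
import os
import secrets

CHUNK = 1 << 20  # 1 MiB per I/O: large enough to keep a disk streaming


def target_size(path: str) -> int:
    """Length in bytes; os.path.getsize() returns 0 for block devices."""
    with open(path, "rb") as f:
        return f.seek(0, os.SEEK_END)


def keystream_chunk(seed: bytes, index: int, length: int) -> bytes:
    """Deterministic pseudo-random pattern for chunk `index` of this wipe."""
    return hashlib.shake_256(seed + index.to_bytes(8, "big")).digest(length)


def write_all(f, data: bytes) -> None:
    """Unbuffered writes may be short; loop until every byte is written."""
    view = memoryview(data)
    while view:
        view = view[f.write(view):]


def read_exact(f, n: int) -> bytes:
    """Unbuffered reads may be short; loop until n bytes or EOF."""
    buf = bytearray()
    while len(buf) < n:
        part = f.read(n - len(buf))
        if not part:
            break
        buf += part
    return bytes(buf)


def drop_page_cache(f) -> None:
    """Make the verify pass hit the medium, not data still held in RAM."""
    if hasattr(os, "posix_fadvise"):
        os.posix_fadvise(f.fileno(), 0, 0, os.POSIX_FADV_DONTNEED)


def overwrite(path: str, seed: bytes, size: int) -> int:
    """Write the keystream over every byte of the target; returns bytes written."""
    written = index = 0
    with open(path, "r+b", buffering=0) as f:
        while written < size:
            n = min(CHUNK, size - written)
            write_all(f, keystream_chunk(seed, index, n))
            written += n
            index += 1
        os.fsync(f.fileno())  # data must reach the medium before we verify
        drop_page_cache(f)
    return written


def verify(path: str, seed: bytes, size: int) -> list:
    """Re-read the target; returns the start offset of every chunk that differs."""
    bad, offset, index = [], 0, 0
    with open(path, "rb", buffering=0) as f:
        drop_page_cache(f)
        while offset < size:
            n = min(CHUNK, size - offset)
            if read_exact(f, n) != keystream_chunk(seed, index, n):
                bad.append(offset)
            offset += n
            index += 1
    return bad


def wipe_and_verify(path: str, passes: int = 1) -> dict:
    """One verified pass is the current recommendation for magnetic drives;
    extra passes only cost time and are accepted here because tools still offer them."""
    size = target_size(path)
    seed = secrets.token_bytes(32)
    pass_seed = None
    for p in range(passes):
        # each pass gets its own derived seed; only the final pass is verified
        pass_seed = hashlib.sha256(seed + bytes([p])).digest()
        overwrite(path, pass_seed, size)
    return {"size": size, "passes": passes, "seed": pass_seed,
            "mismatches": verify(path, pass_seed, size)}


if __name__ == "__main__":
    import sys
    result = wipe_and_verify(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 1)
    print(result["size"], "bytes,", result["passes"], "pass(es), mismatched chunks:",
          result["mismatches"])
```

A non-empty mismatch list means the medium did not retain what was written (a failing sector, a write cache that was never flushed, or a tool that silently skipped a region), and the wipe should not be certified. Keeping the seed and the mismatch result alongside the drive serial number is enough evidence to re-verify later.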
For solid-state media, the number of overwrite passes is largely irrelevant, because the limiting factor is not the thoroughness of the overwrite but the inability of host-level writes to reach every physical cell. Wear-levelling, over-provisioned spare area and retired blocks all hold copies of user data at addresses the host can never write to, so even a thousand passes over the visible LBA range leave them untouched. Firmware-level sanitise commands (ATA Sanitize or Secure Erase, NVMe Sanitize or Format with secure erase, or cryptographic erase on a self-encrypting drive) are required regardless of how many overwrite passes are performed, and the result should still be checked afterwards by reading back a sample of LBAs and confirming they hold the expected erased value.
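Before trusting a Purge command, whether the ATA Secure Erase named under NIST 800-88 above or the NVMe Sanitize needed for the solid-state case here, a practitioner checks what the drive reports it can do. The following is an added example and not the page's own material: it parses the Security section of hdparm -I output and the SANICAP field of nvme id-ctrl output, and returns the hdparm or nvme-cli command sequence to run, refusing to return one while the drive is frozen or locked. The sample outputs are constructed to match the layout of the real tools, the device names are placeholders, and the preference order among NVMe sanitize actions is my own.

```python
"""Decide which firmware-level Purge command a drive can actually run.

Added example, not code from the page.  It parses the Security section of
`hdparm -I` output (ATA/SATA) and the SANICAP field of `nvme id-ctrl` (NVMe)
and returns the command sequence to issue, or the reason it cannot be issued
yet.  Sample outputs are constructed to match the layout of the real tools;
device names are placeholders.  Command lines follow the hdparm and nvme-cli
man pages.
"""
import re

# Constructed sample: the Security block as hdparm -I prints it on a drive the
# BIOS has frozen, a very common state on laptops and many servers.
SAMPLE_HDPARM = (
    "Security:\n"
    "\tMaster password revision code = 65534\n"
    "\t\tsupported\n"
    "\tnot\tenabled\n"
    "\tnot\tlocked\n"
    "\t\tfrozen\n"
    "\tnot\texpired: security count\n"
    "\t\tsupported: enhanced erase\n"
    "\t2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.\n"
    "Checksum: correct\n"
)
# Constructed sample: the relevant line of nvme id-ctrl; 0x2 = block erase only.
SAMPLE_NVME_ID_CTRL = "fna       : 0x4\nsanicap   : 0x2\n"

ATA_FLAGS = {  # hdparm wording -> short name
    "supported": "supported",
    "enabled": "enabled",
    "locked": "locked",
    "frozen": "frozen",
    "supported: enhanced erase": "enhanced",
}


def parse_ata_security(text: str) -> dict:
    """Return {flag: bool} for the Security feature set from `hdparm -I` output."""
    flags, in_section = {}, False
    for line in text.splitlines():
        if line.startswith("Security:"):
            in_section = True
            continue
        if not in_section:
            continue
        if not line.startswith(("\t", " ")):
            break  # next top-level section of the hdparm report
        item = line.strip()
        negated = item.startswith("not")
        key = item[3:].strip() if negated else item
        if key in ATA_FLAGS:
            flags[ATA_FLAGS[key]] = not negated
    return flags


def ata_plan(flags: dict, dev: str) -> tuple:
    """(status, commands).  Commands are only returned when they would succeed."""
    if not flags.get("supported"):
        return ("unsupported", [])
    if flags.get("frozen"):
        # SECURITY ERASE UNIT is rejected while frozen: suspend/resume the host
        # or hot-plug the drive, then re-run hdparm -I before issuing the erase.
        return ("frozen", [])
    if flags.get("locked"):
        return ("locked", [])  # needs the existing user or master password first
    erase = "--security-erase-enhanced" if flags.get("enhanced") else "--security-erase"
    pw = "Eins"  # throwaway password; the drive clears it when the erase finishes
    return ("ok", [
        f"hdparm --user-master u --security-set-pass {pw} {dev}",
        f"hdparm --user-master u {erase} {pw} {dev}",
    ])


# SANICAP bits from the NVMe Identify Controller data structure
SANICAP_CRYPTO_ERASE, SANICAP_BLOCK_ERASE, SANICAP_OVERWRITE = 1, 2, 4
# nvme-cli --sanact values for the corresponding actions
SANACT = {"block": 2, "overwrite": 3, "crypto": 4}


def parse_sanicap(text: str):
    """SANICAP value from `nvme id-ctrl` output, or None if the line is absent."""
    m = re.search(r"^sanicap\s*:\s*(0x[0-9a-fA-F]+|\d+)", text, re.M)
    return int(m.group(1), 0) if m else None


def nvme_plan(sanicap, dev: str) -> tuple:
    """Prefer block erase (erases the cells), then crypto erase, then overwrite."""
    if not sanicap or not sanicap & 0x7:
        return ("unsupported", [])
    if sanicap & SANICAP_BLOCK_ERASE:
        action = "block"
    elif sanicap & SANICAP_CRYPTO_ERASE:
        action = "crypto"
    else:
        action = "overwrite"
    return ("ok", [
        f"nvme sanitize {dev} --sanact={SANACT[action]}",  # controller, not namespace
        f"nvme sanitize-log {dev}",  # poll until SSTAT reports completion
    ])
```

Both planners return the command list rather than executing it, so the output can be reviewed and logged before anything destructive runs. On an NVMe drive that reports no sanitize capability, `nvme format` with a secure erase setting is the usual fallback, but it must be checked against the FNA field in the same id-ctrl output before relying on it.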
Which Standard Should You Follow?
The proliferation of overwriting standards can be confusing, but industry consensus has converged on the NIST 800-88 framework, with IEEE 2883 supplying the media-specific detail for current flash and NVMe devices. Organisations that align their practices with it, choose the sanitisation level from the data's sensitivity and the media's next destination, verify the result and record the method and drive identifiers, are well positioned for compliance across most regulatory and contractual contexts, including those that still name an older standard.
