DOD vs NIST, What’s The Difference?

Data Destruction

When it comes to data destruction, some clients may be familiar with terminology like “DoD destruction”, and we often get questions about whether this is the standard for ProTek Recycling’s data destruction services.  For ProTek Recycling, we found that the National Institute of Standards and Technology (NIST) Special Publication 800-88 is a more appropriate guideline for data destruction as it is more recent and more comprehensive.  So while people may be more familiar with “DoD destruction” standards, ProTek Recycling follows the guideline for media sanitization from NIST for our data destruction services.  Let’s review both the DoD 5220.22 manual and the NIST Special Publication 800-88 to see how they are related and where they differ.

Key Terms:

Media Sanitization: A general term referring to the actions taken to render data written on media (storage devices like hard drives) unrecoverable by both ordinary and extraordinary means. At ProTek Recycling we also refer to this as “data destruction”.

In 1995, the Department of Defense (DoD) published the DoD 5220.22 manual providing “requirements, restrictions and other safeguards to prevent unauthorized disclosure of classified information and to control authorized disclosure of classified information released by U.S. Government Executive Branch Departments and Agencies to their contractors” (Department of Defense, 1995).  This manual is where the “DoD Destruction” standard for data destruction came from.

This manual covers topics ranging from security clearances, security training, classification and marking, safeguarding classified information, and subcontracting to international security requirements. Most relevant to data destruction, it has a chapter on computer and networking systems, or as they are referred to in the manual: automated information systems (AISs).  Within this chapter, the DoD 5220.22 manual includes a table of the clearing and sanitization methods for:

  • magnetic tapes
  • magnetic disks
  • optical disks
  • memory
  • equipment with cathode ray tubes (CRTs)
  • printers

In the table, the manual specifies that to sanitize removable and non-removable disks one option is to “overwrite all addressable locations with a character, its complement, then a random character and verify”, creating the standard at the time for triple overwriting data to sanitize a hard drive.
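
As an added illustration (not code from ProTek Recycling, the DoD manual, or NIST), the Python example below applies the quoted procedure to a constructed scratch image file that stands in for a disk's addressable range. The function names, the 0x55 starting character, and the choice to verify only the final pass are assumptions made for this example.

```python
import os
import secrets
import tempfile

CHUNK = 64 * 1024  # bytes written or read per I/O call


def overwrite_pass(path, size, value):
    """Write `value` to every byte offset in [0, size) and flush it to storage."""
    block = bytes([value]) * CHUNK
    with open(path, "r+b") as f:
        for offset in range(0, size, CHUNK):
            f.write(block[: min(CHUNK, size - offset)])
        f.flush()
        os.fsync(f.fileno())


def verify_pass(path, size, value):
    """Return the offset of the first byte that is not `value`, or -1 if all match."""
    with open(path, "rb") as f:
        for offset in range(0, size, CHUNK):
            data = f.read(min(CHUNK, size - offset))
            for i, b in enumerate(data):
                if b != value:
                    return offset + i
            if len(data) < min(CHUNK, size - offset):
                return offset + len(data)  # short read: fewer bytes than expected
    return -1


def three_pass_overwrite(path, character=0x55):
    """Character, its complement, then a random character; verify the last pass."""
    size = os.path.getsize(path)
    random_char = secrets.randbelow(256)
    for value in (character, character ^ 0xFF, random_char):
        overwrite_pass(path, size, value)
    return verify_pass(path, size, random_char)


def demo():
    """Sanitize a constructed scratch image (a regular file, not a real device)."""
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "scratch.img")
        with open(image, "wb") as f:
            f.write(b"CONSTRUCTED-SAMPLE-RECORD " * 10000)  # constructed sample data
        first_bad = three_pass_overwrite(image)
        with open(image, "rb") as f:
            leftover = b"CONSTRUCTED" in f.read()
    return first_bad, leftover


if __name__ == "__main__":
    print(demo())
```

A return value of -1 from the verify step means every byte read back matched the final pass; any other value is the offset of the first location that did not take the overwrite.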

More recently, in 2014, the National Institute of Standards and Technology (NIST) issued a publication providing guidelines for media sanitization for information that is not national security related. The scope of the entire NIST Special Publication 800-88 is to assist organizations in implementing a media sanitization program and in the decision-making process when media is being disposed of, reused, or leaving an organization.

In the Special Publication, NIST provides sanitization guidelines for:

  • hard copy storage
  • networking devices
  • mobile devices
  • office equipment (printers, fax machines, etc.)
  • magnetic media (floppies, hard drives, magnetic tapes, etc.)
  • optical media (CDs, DVDs, etc.)
  • flash memory-based storage devices (solid state drives (SSDs), USBs, memory cards, etc.)
  • RAM and ROM-based storage devices

The table below provides a side-by-side comparison of the Department of Defense 5220.22 manual and the NIST Special Publication 800-88.

 

| | Department of Defense 5220.22 manual | NIST Special Publication 800-88 |
|---|---|---|
| Focus of the report | Protecting classified information of the US Government | To provide organizations guidance in making practical data and media sanitization decisions |
| Year published | 1995 | 2014 |
| Audience | US Government Executive Branch Departments, Agencies, and contractors | Commercial, residential, and non-security related organizations |
| Methods of sanitization | Clear, destroy | Clear, purge, destroy |
| Number of product types for which the report gives sanitization guidance | 6 | 9 |
| Quality of guidance for data destruction | Very limited section on data destruction with specific directive on clearing and sanitization procedures on storage devices available in 1995. | Comprehensive guide on media and data sanitization, the various methods of sanitization, and how to decide which method is appropriate.  Presents guidance in a way where if examples or current methods become outdated, the decision-making process and guidance are still relevant. |

The DoD 5220.22 manual is specifically geared towards classified information within the US Government and provides outdated media sanitization techniques used for older technology.  Accordingly, the guidance from the DoD 5220.22 manual is not as appropriate for today’s electronics recycling and data destruction services used in commercial industries and residential communities.  The NIST Special Publication 800-88 report provides guidelines that are applicable to commercial industries and sanitization methods effective on current technology.  Therefore, ProTek Recycling implements the sanitization methods and guidance outlined in the NIST Special Publication 800-88 to perform data destruction services for our customers.

For more information about DoD or NIST, please contact us. We would be happy to walk you through our process.

References

Department of Defense. (1995). DoD 5220.22-M National Industrial Security Program Operating Manual (NISPOM). Washington, D.C.: U.S. Government Printing Office.

U.S. Department of Commerce. (2014). NIST Special Publication 800-88 Revision 1.
