exceeds DOD standards

So a company does disk destruction for hard drives. On a sign it said "exceeds DOD standards. Now I don't understand how is it that they know that they "exceed" the Department of Defense in data destruction. Wouldn't that be some type of false advertisement? I mean who knows how the DOD destroys their data that doesn't work for the DOD? Ya sure it could be posted on a website for the information that the DOD wants people to know. Yet there could be another method that the DOD doesn't want people to know.

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

Dingdongbubble

As far as I know, the DOD has standards for computer usage and yes it has published them. I was using TrueCrypt and they ahve multiple methods of encryption. One of them is highly secure but it is kinda slow. Another one is also very secure but not as much but it is faster so the DOD made that as its 'standard'.

Sie

'Overwrite all addressable locations with a character, its
complement, then another character and verify'
DoD 5220.22-M

Source: http://www.ucl.ac.uk/cert/secure_disposal_guidelines.pdf

I believe this is the DOD standard so an application that does this multiple times is exceeding the DOD standard.

Its not refering to the fact it can delete or remove data better than the DOD could using their resources just up to and exceeding the standard they have outlined and released.

[Edited SP and Clarity]

Tyrant1919

7 passes with a wiping program was enough to declassify a classified hard drive for destruction. Then opening the hard drive and destroying the platter was fun if you didn't mind little pieces all over the place. So, say, using the program 8 times would technically 'exceed' these standards.

The standards aren't a secret. Googling DOD data destruction standards, or sanatizing, will yield a few results I'm sure.

cacharo

Here are the standards and procedures they are referring to;

http://en.wikipedia.org/wiki/National_Industrial_Security_Program

RTmarc

As already stated, the DoD has published its standards for data destruction. The 'exceeds DoD standards' claim is probably by means of a different method of wiping the device or number of passes made over the drive - DoD uses X whereas this uses X+5.

undomiel

I believe this link will show you a number of the security standards as set forth by the DoD.

http://www.dtic.mil/whs/directives/corres/html/522022m.htm

Tyrant1919

We need to post in this thread more quickly people!

Sie

Tyrant1919 wrote:

We need to post in this thread more quickly people!

Seems we are all taking the same coffee break

undomiel

There were no replies when I viewed the thread, 2 replies showed up when I clicked reply, and then there were 3 more replies by the time I posted plus an edit.

sprkymrk

They are referring to DoD 5220.22-M. Google it, there is lots of information out there on it.
Also note, there are much tougher standards with regards to classified drives. With those, it's basically a secure trip to the incinerator in an armored car.