Certified Data Erasure

Defense & Government

DoD 5220.22-M Wipe Software

U.S. Department of Defense 3-pass standard. Per-pass verification, tamper-proof certificate.

✓ DoD 5220.22-M (E) ✓ 3-Pass + Verify ✓ Pass-by-Pass Logging ✓ Government Tender Ready

The Problem

Three realities about DoD 5220.22-M

DoD 5220.22-M has been the U.S. defense reference for decades, but modern hardware and newer standards have clarified its strengths and limits. It is still required in government tenders, yet technically it is best applied alongside NIST 800-88.

Time Cost of Legacy Policy

DoD 3-pass takes ~3x longer than NIST single-pass. In a 1000-disk ITAD operation, the gap is ~3000 extra hours. When policy diverges from technical need, operational cost grows.

Limited on Modern SSDs

Wear-leveling and over-provisioning prevent DoD 3-pass software writes from reaching spare cells. On SSDs it must be combined with NVMe Sanitize or Cryptographic Erase; PIWIPE runs both and records on the certificate.

No Certificate, No Tender

In government and defense tenders, the only proof of DoD-sanitized hardware is the certificate. Without it, the bid is rejected at technical evaluation; independent verification is required even for a single device.

3-Pass Sanitization Process

Pass 1: Zeros (0x00)

All addressable sectors are filled with 0x00 bytes. Random sample sectors are read back and verified at end of pass.

Pass 2: Ones (0xFF)

Second pass fills all sectors with 0xFF. This eliminates the effect of prior writes in legacy HDDs where magnetic remanence analysis is feasible.

Pass 3: Random + Verification

Cryptographic-quality random data is written. All sectors are read back and matched against the written values. Mismatch → no certificate, device Failed.

Bid on government tenders with DoD

Most government and defense tenders require hardware sanitized with DoD 5220.22-M. The PIWIPE certificate documenting this standard is used as direct evidence in tender documents. For SSDs, hybrid use with NIST 800-88 + NVMe Sanitize is recommended; the PIWIPE console lets you choose either standard.

Process Timeline

Five-stage DoD sanitization lifecycle

The same controlled flow for every device; chain-of-custody and audit trail form the basis of the DoD tender file.

1. Inventory & Tagging

Device serial, model, capacity, and tender reference recorded in the PIWIPE console; physical barcode/QR label printed. Custody chain begins here.

2. Verify Disk Health

S.M.A.R.T. read, bad-sector and reallocated count check. On critical error, physical destruction is recommended; pre-shred certificate issued.

3. Run DoD 3-Pass

Pass 1 — 0x00, Pass 2 — 0xFF, Pass 3 — cryptographic random. Each pass start/end timestamp logged; parallel multi-wipe runs multiple devices simultaneously.

4. Per-Pass Verification

After each pass, random sample sectors are read and compared to written value. Optional full-sector verification on final pass. Mismatch flags device Failed.

5. Certificate & Archive

PDF certificate generated with SHA-256 hash + PKCS#7 digital signature; auto-uploaded to cloud console. Tender file gets PDF + CSV log + QR verification URL.
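The pass, verification and logging stages above (and the 3-pass process described earlier), as an added sketch that is not PIWIPE code: it wipes a disk-image file object rather than a raw device, and the names `wipe`, `expected`, `PASSES` and the SHAKE-256 stream used for pass 3 are assumptions of this example. The SHA-256 covers the pass log only; the PKCS#7 signature is not reproduced.

```python
import hashlib, io, json, os, random, time

SECTOR = 512
PASSES = (("zeros", 0x00), ("ones", 0xFF), ("random", None))

def expected(pattern, key, sector):
    """Bytes a sector must hold after a pass."""
    if pattern is not None:
        return bytes([pattern]) * SECTOR
    # Pass 3: per-sector stream expanded from a CSPRNG key, so verification
    # can regenerate it instead of keeping a copy of everything written.
    return hashlib.shake_256(key + sector.to_bytes(8, "big")).digest(SECTOR)

def wipe(dev, sectors, samples=8):
    """3-pass overwrite of a seekable binary file object (a disk image here)."""
    log = []
    for name, pattern in PASSES:
        key, started = os.urandom(32), time.time()
        dev.seek(0)
        for s in range(sectors):
            dev.write(expected(pattern, key, s))
        dev.flush()  # a real device tool must also bypass OS and drive caches
        # Passes 1-2: random sample of sectors. Final pass: every sector.
        if pattern is None:
            check = range(sectors)
        else:
            check = sorted(random.sample(range(sectors), min(samples, sectors)))
        bad = []
        for s in check:
            dev.seek(s * SECTOR)
            if dev.read(SECTOR) != expected(pattern, key, s):
                bad.append(s)
        log.append({"pass": name, "start": started, "end": time.time(),
                    "checked": len(check), "mismatches": bad})
        if bad:
            break  # a failed pass ends the run; no certificate for this device
    status = "Failed" if any(p["mismatches"] for p in log) else "Passed"
    record = {"status": status, "passes": log}
    # Digest of the canonical log so later edits to the record are detectable.
    body = json.dumps(record, sort_keys=True).encode()
    return {**record, "sha256": hashlib.sha256(body).hexdigest()}

if __name__ == "__main__":
    image = io.BytesIO(b"\xaa" * (64 * SECTOR))  # constructed 32 KiB image
    print(wipe(image, 64)["status"])
```

A sector that silently ignores writes can slip past the sampled checks on passes 1 and 2, which is why the full read-back on the final pass decides the result.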

Use Cases

Sectors requiring DoD-grade sanitization

From defense subcontractors to government hospitals, embassies to police IT — concrete fields where DoD tenders apply.

🛡️

Defense Contractor

CMMC, DFARS, and NISPOM requirements reference DoD 5220.22-M. PIWIPE's 3-pass + per-pass log clears hardware audits at the prime contractor handoff.

🔒

Classified Workstation

Confidential/Secret-classified workstations follow multi-pass standard at retirement. PIWIPE: pre-wipe S.M.A.R.T. + DoD 3-pass + post-verify; failed devices route to physical destruction.

📜

Government Tender

Most government tenders mandate DoD 5220.22-M in the technical specification. The PIWIPE certificate is filed with the bid; QR verification is usable by the independent technical evaluation committee.

🌐

Embassy / Diplomatic Mission

Diplomatic missions retire crypto-grade hardware under strict process. PIWIPE open-channel certificate and internal audit log; uninterrupted report chain to home office.

🏥

Military Hospital

Military health facilities operate under HIPAA-parallel and DoD-parallel requirements. A single PIWIPE wipe produces both 3-pass and NIST 800-88 certificates; dual compliance.

👮

Police / Forensic IT

Forensic IT labs sanitize evidence drives after case closure. DoD 3-pass + per-pass timestamp documents the case closure dossier.


Compliance Checklist

DoD tender file checklist

A 9-item checklist when submitting DoD-sanitized hardware in a government or defense tender. PIWIPE-fulfilled (✓), policy-required (◐).

  • Device Inventory Record + Label — Serial, model, capacity + barcode/QR; auto from PIWIPE console.
  • Pre-Wipe S.M.A.R.T. Report — Disk health evidence; on failure routes to physical destruction.
  • DoD 3-Pass Execution Log — Pass 1: 0x00, Pass 2: 0xFF, Pass 3: random + verify; each pass timestamped.
  • Per-Pass Verification — Random sample sector verification; full-sector option on final pass.
  • Tamper-Proof Certificate — SHA-256 + PKCS#7 digital signature; QR verification.
  • NIST 800-88 Hybrid (SSD) — For SSDs, DoD + NVMe Sanitize together; one certificate, dual requirement.
  • Operator Identity & Authorization — Certificate records operator name, machine, date; role-based access control.
  • Chain-of-Custody Document — Label → sanitize → archive → delivery chain unbroken; PIWIPE log + manual sign-off. (◐)
  • Tender Submission (PDF + CSV + QR) — Certificate PDF, log CSV, and verification URL in one archive; the technical committee verifies independently.

Frequently Asked

DoD 5220.22-M & Data Wipe

What is DoD 5220.22-M?
The U.S. DoD's 3-pass overwrite standard: Pass 1 — zeros (0x00), Pass 2 — ones (0xFF), Pass 3 — random pattern + verification. Used as a reference for sensitive defense data for decades.
How does DoD differ from NIST 800-88?
NIST 800-88 considers modern single-pass + verification sufficient; DoD requires 3 passes. On SSDs, the benefit of 3 passes is limited (wear-leveling), so most modern organizations prefer NIST. Government tenders and legacy policies still require DoD.
How long does a DoD wipe take?
Approximately 3 × disk capacity / write speed. Typical: 6-12 hours for a 1 TB SATA HDD, 1-3 hours for a 1 TB SATA SSD. PIWIPE's parallel multi-wipe processes multiple devices simultaneously.
Does PIWIPE record every pass on the certificate?
Yes. The certificate records each pass's completion timestamp, pattern used, and post-pass verification result. If an error occurs, the device is flagged Failed and no certificate is issued.
Is DoD 5220.22-M valid for SSDs?
Technically, DoD 3-pass works on SSDs but cannot reach spare cells due to wear-leveling; for "Purge" level, NIST 800-88 recommends NVMe Sanitize or Cryptographic Erase. PIWIPE allows DoD on SSDs for policy compliance but additionally runs hardware Sanitize and writes both to the certificate — policy and technical requirement met simultaneously.
Is there NIAP or NSA approval?
PIWIPE is an independent software product; not directly listed on NIAP Common Criteria or NSA EPL. However, it implements the DoD 5220.22-M algorithm per the NISPOM reference. Additional evaluation documentation for federal/defense customers is available from our sales team.
Is it sufficient for U.S. federal contracts?
Federal contracts vary: some require DoD 5220.22-M, others NIST 800-88 or CMMC. PIWIPE provides both from a single console; the certificate includes both DoD pass details and NIST 800-88 method reference, so one file satisfies both requirements.
Does pre-wipe disk health matter for DoD?
Yes — bad sectors can interrupt 3-pass overwrite. PIWIPE reads S.M.A.R.T. pre-wipe; on critical errors the user is warned and physical destruction (shred) recommended. A pre-shred certificate is issued so the chain-of-custody is not broken.
What is the cost of legacy policy?
DoD 3-pass takes ~3x longer than NIST single-pass. For 1000 disks: NIST ~1500 hours, DoD ~4500 hours. Operator cost and operational delay matter. Most organizations now prefer hybrid: NVMe Sanitize for SSDs, NIST 800-88 + Verify for HDDs; PIWIPE supports both.

Defense-Grade Custody

Certificates stay on-site — for government / classified environments

In defense and government contracts (NISPOM, CMMC Level 3, DFARS 252.204-7012, ITAR), the custody of sanitization records for classified or CUI-containing devices typically must remain on-site (on-prem, air-gapped, GovCloud). Using a third-party commercial cloud may violate DD Form 254 and DFARS clauses, or at minimum require additional FedRAMP/IL5 assessment.

PIWIPE
Customer FTP/SFTP — Air-Gapped / GovCloud Ready
Certificates never leave the facility

PIWIPE Windows runs locally on the device; certificates are written to your designated FTP/SFTP server — that server can live in your air-gapped facility network, on a VM inside AWS GovCloud / Azure Government / Oracle Government Cloud (FedRAMP-High, IL5), or in your own shred-room SCIF. Sync to the PIWIPE cloud console is optional; in classified environments it is disabled and certificates never leave the facility. This configuration aligns with NISPOM Chapter 8 and CMMC L3 media-security controls.

DoD-certified wipe with PIWIPE.
