Is iShredder compliant with DoD 5220.22-M (data erasure standard)? Is there a declaration of conformity?
Protectstar, as the manufacturer of the iShredder™ product line, hereby officially declares that all iShredder™ solutions (for Android, iOS, macOS, Windows, and Windows Server) meet the requirements of the DoD 5220.22-M data erasure standard. This declaration is intended equally for end customers, business customers, and public authorities. The goal is to provide both technical details and general explanations in a way that is understandable for all target groups.
1. Background: What is the DoD 5220.22-M standard?
The DoD 5220.22-M standard originates from the National Industrial Security Program Operating Manual (NISPOM) of the U.S. Department of Defense (DoD) and was originally published in 1995.
It describes methods for secure data destruction through multiple overwriting passes and is known worldwide as a reference for professional erasure procedures.
- Origin and purpose
At its core, DoD 5220.22-M is intended to overwrite sensitive data in such a way that no remnants of the original information can be recovered, neither with software tools nor with forensic hardware methods. For a long time, this guideline served as a quasi-standard for authorities and companies looking for a reliable and traceable procedure for data destruction.
- Current relevance
Newer guidelines (for example NIST SP 800-88) have replaced or surpassed DoD 5220.22-M in some areas, because today a single correct overwrite is often considered sufficient.
Nevertheless, many customers, especially in the United States, still request the DoD method as a familiar reference for secure data deletion.
2. Technical details of the DoD erase algorithm
The core of the DoD standard is the triple overwrite of all addressable storage areas, followed by verification.
- First pass – fixed bit pattern (usually 0x00):
The areas to be erased are first written uniformly with zeros.
Purpose: to completely overwrite the original data so that simple recovery is ruled out.
- Second pass – complementary bit pattern (usually 0xFF):
The same area is then overwritten again, but this time with the logical complement (typically binary ones).
Purpose: to further reduce any remanence effects (magnetic or electronic remnants).
- Third pass – random bit pattern:
In the final step, a pseudo-random or ideally a cryptographically secure random number generator is used to overwrite the target data with completely random values.
Purpose: to minimize residual artifacts and repeated patterns even further, so that forensic analysis methods cannot find structured clues about the original data.
- Verification (Verify):
After the three passes have been completed, a check is performed to ensure that all areas were actually overwritten with the latest (for example random) bit patterns.
Purpose: to ensure that no areas were skipped or only partially overwritten.
Note for less technical users:
Imagine crossing out a handwritten text first with a black marker, then painting over it with a white pen (the opposite color), and finally spreading colorful paint over everything. At the end, you check whether any text is still showing through. That is roughly how triple overwriting works on a storage medium, except that everything happens digitally, of course.
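The three passes and the verification step described in this section, as an added Python example for a single file; it is not iShredder™ code. The function names, the 1 MiB block size and the report fields are assumptions made for the illustration.

```python
import hashlib
import os

CHUNK = 1 << 20  # assumed block size for the illustration: 1 MiB


def _write_pass(fd, size, block_for):
    """Overwrite bytes 0..size in place, flush, return SHA-256 of what was written."""
    digest = hashlib.sha256()
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining:
        block = block_for(min(CHUNK, remaining))
        view = memoryview(block)
        while view:  # os.write may accept fewer bytes than offered
            view = view[os.write(fd, view):]
        digest.update(block)
        remaining -= len(block)
    os.fsync(fd)  # push this pass out of the OS write cache before the next one
    return digest.hexdigest()


def _read_digest(fd, size):
    """Read the file back and return the SHA-256 of its current content."""
    digest = hashlib.sha256()
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining:
        block = os.read(fd, min(CHUNK, remaining))
        if not block:
            break  # short read: the digest will not match and verification fails
        digest.update(block)
        remaining -= len(block)
    return digest.hexdigest()


def three_pass_overwrite(path):
    """Run 0x00, 0xFF and random passes over a file, then verify the last pass."""
    fd = os.open(path, os.O_RDWR)
    try:
        size = os.fstat(fd).st_size
        _write_pass(fd, size, lambda n: bytes(n))      # pass 1: fixed pattern 0x00
        _write_pass(fd, size, lambda n: b"\xff" * n)   # pass 2: complement 0xFF
        expected = _write_pass(fd, size, os.urandom)   # pass 3: CSPRNG output
        actual = _read_digest(fd, size)                # verification read-back
    finally:
        os.close(fd)
    return {"bytes": size, "verified": expected == actual, "sha256_last_pass": expected}
```

The read-back here can be served from the operating system's cache, so it confirms the logical content of the file rather than the state of the medium. In-place overwriting also reaches the original blocks only where the filesystem and the device write in place, which wear-levelled flash and copy-on-write filesystems do not guarantee.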
3. Implementation of the DoD 5220.22-M standard in iShredder™
iShredder™ solutions implement the triple overwrite plus verification exactly in line with the requirements of DoD 5220.22-M. Specifically, this means:
- First overwrite cycle:
iShredder™ writes all selected data areas with a fixed bit pattern (0x00) or a similar defined value (for example 0x55 in some variants).
- Second overwrite cycle:
iShredder™ overwrites the same areas with the complement of the first pattern (for example 0xFF or 0xAA).
- Third overwrite cycle:
iShredder™ generates a random value for every byte in the relevant areas and overwrites them with it.
For this purpose, a cryptographically secure pseudo-random number generator (CSPRNG) is used to ensure the highest possible entropy.
- Verification of erasure (checksum/hash):
iShredder™ can then perform a checksum or hash calculation to check whether all sectors were overwritten successfully and without errors.
This process provides security and transparency by confirming that no original data fragments remain.
Additional functions:
Erasure report: After the erase processes are completed, iShredder™ provides a detailed Erasure Report in which the method used (for example “DoD 5220.22-M”), the affected files/partitions, and the verification result are listed.
Extended algorithms: Some editions also offer DoD 5220.22-M ECE (7-pass) as well as other national and international standards (NATO, BSI, Gutmann, etc.). These are primarily intended for highly critical data. For most use cases, the 3-pass variant under DoD 5220.22-M is sufficient.
4. Why iShredder™ complies with the DoD 5220.22-M standard
- Original methodology
iShredder™ follows exactly the overwrite patterns required by DoD 5220.22-M (fixed value, complement, and random value) and performs subsequent verification.
- Equivalent level of security
Multiple overwriting passes with different patterns ensure that even specialized data recovery techniques can no longer reconstruct the original information.
By using a secure random generator in the third pass, an additional level of security is achieved.
- Traceable documentation
Every erase process can be logged. Businesses and authorities thus receive a written record that can serve internally or externally as proof that a storage medium was sanitized according to the DoD standard. For audits or certifications (for example ISO 27001), such documentation is often essential.
- Independently reviewable
Although there is no official certification from the U.S. Department of Defense (it has not issued specific “DoD certificates” for software solutions for quite some time), iShredder™ can be reviewed by external experts or security labs.
5. Note on formal certifications
The U.S. Department of Defense does not grant an official seal solely for implementing the DoD 5220.22-M method. If vendors advertise “DoD-certified data erasure,” this is often misleading, because such a certification in this specific form does not exist.
Important for less technical users: “DoD 5220.22-M” refers to a procedure for data erasure, not an official audit. It is more like a recognized recipe that each vendor must implement correctly under its own responsibility.
iShredder™ follows that “recipe” and thereby creates the same level of security promised by DoD 5220.22-M.
6. Official declaration of conformity
Protectstar™ Inc. hereby formally declares that the iShredder™ solutions are DoD 5220.22-M compliant.
- Algorithmic implementation:
Triple overwrite process (fixed bit patterns, complement, random values) plus subsequent verification of correct overwriting.
- Equivalent security effect:
The selected procedure and implementation correspond to the requirements described in DoD 5220.22-M.
- Proof and transparency:
iShredder™ creates detailed erasure reports that list the exact erase method and the verification result. Private customers, authorities, and organizations with elevated security requirements thus receive a traceable and recognized solution for permanently and irreversibly sanitizing digital storage media.
Sources
1.) U.S. Department of Defense (DoD): National Industrial Security Program Operating Manual (NISPOM) – DoD 5220.22-M, first publication 1995, older version.
2.) Federal Office for Information Security (BSI): “Recommendations for the deletion and destruction of information,” various publications, last accessed 2023.
3.) NIST Special Publication 800-88 Rev. 1: Guidelines for Media Sanitization, National Institute of Standards and Technology, 2014.
4.) Protectstar™ Inc.: iShredder™ Technical Documentation, as of 2025.


