I"ve often seen quotes of DOD specs saying 3 times, or lately 7 times. When specified,
the DOD document being quoted is 5220.22-M. There's a copy online at
http://www.dtic.mil/whs/directives/corres/html/522022m.htm
but it's dated 1995. I haven't found any more recent versions.
In chapter 8
http://www.dtic.mil/whs/directives/corres/pdf/522022m_0195/cp8.pdf
section 8-3-5, (page 14 of the pdf document), is the "Clearing and Sanitization Matrix".
According to that, the procedures for sanatization of hard drives requires procedures
a,b,d, or m. For optical devices, procedures m (for rewritable), or n (for read only),
are required.
On the next page, it defines those procedures...
a. Degauss with a Type I degausser
b. Degauss with a Type II degausser.
d. Overwrite all addressable locations with a character, its complement, then a random character and verify. THIS METHOD IS NOT APPROVED OR SANITIZING MEDIA THAT CONTAINS TOP SECRET INFORMA-
TION.
m. Destroy - Disintegrate, incinerate, pulverize, shred, or smelt.
n. Destruction required only if classified information is contained.
Given that overwriting would be impossible after degaussing (no timing marks), I assume
they mean, procedures a, OR b, OR d, OR m. Note their emphasis, that overwriting is not
acceptable for top secret info, only degaussing, or destruction.
Does anyone here have a link to a more recent version, or to a DOD document that specifies
the 7 times rewrite?
Regards, Dave Hodgins
