Computers, Laptops & Tablets Accessories & Hardware What Is the AR 380–19 Method? Details on the AR 380-19 data wipe method By Tim Fisher General Manager, VP, Lifewire.com Tim Fisher has 30+ years' professional technology support experience. He writes troubleshooting content and is the General Manager of Lifewire. our editorial process Facebook Twitter LinkedIn Tim Fisher Updated December 26, 2019 Accessories & Hardware HDD & SSD Keyboards & Mice Monitors Cards Printers & Scanners Raspberry Pi Tweet Share Email AR 380-19 is a software-based data sanitization method used in various file shredder and data destruction programs to overwrite existing information on a hard drive or another storage device. Erasing a hard drive using the AR 380-19 data sanitization method will prevent all software based file recovery methods from lifting information from the drive and is also likely to prevent most hardware-based recovery methods from extracting information. ANDRZEJ WOJCICKI/SCIENCE PHOTO LIBRARY / Getty Images What Does the AR 380-19 Wipe Method Do? All data sanitization methods are pretty similar apart from the number of passes they require and what, specifically, goes in with each pass. For example, the Write Zero wipe method is normally one pass of just zeros, while RCMP TSSIT OPS-II does several passes of alternating zeros and ones and then finishes with random characters. Similar passes and verifications are seen with other data sanitization methods like ISM 6.2.92, GOST R 50739-95, Gutmann, and Schneier. However, the AR 380-19 data sanitization method is usually implemented in the following way: Pass 1 — Writes a random characterPass 2 — Writes a specified character (e.g. zero)Pass 3 — Writes the complement of the specified character (i.e. one) and verifies the write The AR 380-19 data sanitization method is sometimes used incorrectly by data destruction programs so you might see it implemented without a verification of the final pass or without a third pass at all. NAVSO P-5239-26 and CSEC ITSG-06 are almost identical to AR 380-19 except that the three passes are rearranged. With NAVSO P-5239-26 and CSEC ITSG-06, the first is a specified character, the second is the complement of the previous character, and the third is a random character pass with verification. Some data destruction programs let you customize the passes to create your own data wipe method. For example, you can customize this method to have a fourth pass of random characters and no verification. However, remember that when you change a data sanitization method like AR 380-19 too much, it's technically no longer the same method because the passes are too different. Programs That Support AR 380-19 Eraser, PrivaZer, Delete Files Permanently, and File Secure Free are free file shredders that support the AR 380-19 data sanitization method to erase files and folders off of a storage device. If you're looking for a way to erase a whole hard drive using the AR 380-19 method, you can use Eraser, PrivaZer, and File Secure Free for that too, as well as Hard Drive Eraser. Some programs that don't seem to support this data wipe method, like CBL Data Shredder, will still let you make your own sanitization method manually. With CBL Data Shredder, you can choose to write over the data in three different ways using the structure I explained above, which will essentially be the same thing as running the AR 380-19 method. Most data destruction programs support multiple data sanitization methods in addition to AR 380-19. This means you can open a program like Eraser and then later choose to use a different sanitization method if you want. It also means you can run multiple data wipe methods on the same data without having to switch between applications. More About AR 380-19 The AR 380-19 sanitization method was originally defined in Army Regulation 380-19, published by the US Army. You can read the AR 380-19 data sanitization specification in AR 380-19 Appendix F (PDF). According to Department of the Army Pamphlet 25–2–3, released in April 2019, it's clear that the US Army no longer uses AR 380-19 as its software-based data sanitization standard, but instead relies on the verification processes identified in NIST SP 800-88 Revision 1.