[Infowarrior] - USG to deploy full-disk encryption on all computers
Richard Forno
rforno at infowarrior.org
Thu Dec 28 14:01:16 EST 2006
Federal Government to deploy Full Disk Encryption on all government owned
computers.
http://www.full-disk-encryption.net/fde_govt.html
By Saqib Ali
December 28,2006
To address the issue of data leaks from stolen or missing laptops, US
Government is planning to use Full Disk Encryption (FDE) on all of the
Government owned computers. On June 23, 2006 a Presidential Mandate was put
in place requiring all agency laptops to fully encrypt data on the HDD. The
US Government is currently conducting the largest single side-by-side
comparison and competition for the selection of a Full Disk Encryption
product. This implementation will end up being the largest single
implementation ever, and all of the information regarding the competition is
in the public domain. The selected product will be deployed on Millions of
computers in the US federal government space. The evaluation will come to a
end in 90 days.
The list of vendors partipicating in this contest, requirements, and other
related documents are available at:
http://www.fbo.gov/spg/USAF/AFMC/ESC/FA8771-07-R-0001/Attachments.html
Some of the popular FDE vendors participating in the Contest include
Seagate, Mobile Armor, Pointsec, SafeNet, and Credant
As with any other encryption product being used by Federal Government, the
selected FDE product must have FIP 140-2 certification. Currently Pointsec
and Utimaco hold this certification for the software based FDE solutions.
Full disk encryption (or whole disk encryption) is a kind of disk encryption
(software or hardware) which encrypts every bit of data that goes on a disk.
The term "full disk encryption" is often used to signify that everything on
a disk including the operating system is encrypted. There are also programs
capable of encrypting an entire disk fully but cannot directly encrypt the
system partition or boot partition of the operating system (e.g. TrueCrypt,
which can fully encrypt, for example, an entire secondary hard disk).
Full disk encryption has several benefits compared to regular file or folder
encryption, or encrypted vaults. The following are some benefits of full
disk encryption:
1. Everything including the swap space and the temporary files are
encrypted. Encrypting these files is important, as they can reveal important
confidential data.
2. With full disk encryption, the decision of which files to encrypt is not
left up to users.
3. Support for pre-boot authentication.
In the light of recent laptops theft and data security breaches, large
corporations and government institutions are looking at various Full Disc
Encryption (FDE) solution to protect their confidential data on mobile
devices.
More information about the Infowarrior
mailing list