Federal Data at Rest Policies

There are several government policies mandating the use of approved secure products to protect data at rest at various levels. Understand your organization's policy on Data at Rest (DaR) to assist with planning, reduce risk, and avoid information assurance roadblocks on your system/platform.

 
  • Department of Defense (DOD)

      DODI 8320.02: Sharing Data, Information, and Information Technology (IT) Services in the Department of Defense

      DoD Components must ensure all DoD information programs, applications, and computer networks will protect data in transit and data at rest according to their confidentiality level, mission assurance category, and level of exposure in accordance with References (8500.2). Learn more at fas.org

      DODI 8500.2: Information Assurance (IA) Implementation


      Encryption for Confidentiality (Data at Rest): If a classified enclave contains SAMI (sources and methods intelligence) and is accessed by individuals lacking an appropriate clearance for SAMI, then NSA-approved cryptography is used to encrypt all SAMI stored within the enclave. Learn more at fas.org      

      DODI 8420.01: Commercial Wireless Local-Area Network (WLAN) Devices, Systems, And Technologies

      Classified WLAN-enabled Portable Electronic Devices (PEDs) must use NSA-approved encryption to protect classified data-in-transit and data-at-rest on PEDs in accordance with Paragraph 3.8. of this issuance. Learn more at esd.whs.mil      


  • Joint Chiefs of Staff

      CJCSI 6510.01F: Information Assurance (IA) and Support to Computer Network

      Protection of Information in Transmission or Data at Rest: Classified national security information shall be protected using NSA-approved cryptographic and key management systems offering high protection levels and approved for protecting classified information. Learn more at jcs.mil


  • NIST

      NIST Special Publication 800-53 (Rev. 4): SC-28 Protection Of Information At Rest

      Selection of cryptographic mechanisms is based on the need to protect the confidentiality and integrity of organizational information. The strength of mechanism is commensurate with the security category and/or classification of the information. Learn more at nvd.nist.gov        


  • Air Force

      Air Force Manual 17-1301: Computer Security (COMPUSEC)

      5.7.1. DAR and data in transit protection requires FIPS 140-2 validated cryptographic modules for securing CUI and PII and NSA approved cryptographic systems for classified data IAW CJCSI 6510.01.
      5.7.2. Classified Data At Rest (CDAR). Protect classified national security information at rest IAW CJCSI 6510.01 using NSA-approved cryptographic and key management systems offering appropriate protection levels and approved for protecting CDAR… Learn more at af.mil

  • White House

      National Security Directive 42: National Policy for the Security of National Security Telecommunications and Information Systems         

      U.S. Government national security systems shall be secured by such means as are necessary to prevent compromise, denial, or exploitation… Such protection results from the application of security measures (including cryptosecurity…) … to systems which generate, store, process, transfer or communicate information of use to an adversary… Learn more at fas.org


  • U.S. Code/Federal Law

      U.S. Code, Title 44, Chapter 35, Subchapter II, § 3557: National Security Systems 

      The head of each agency shall provide information security protections commensurate with the risk resulting from unauthorized access, use, disclosure, disruption, modification, or destruction of— (i) information collected or maintained by the agency or by a contractor of an agency or other organization on behalf of an agency; and (ii) information systems used or operated by an agency or by a contractor of an agency or other organization on behalf of an agency. Learn more at uscode.house.gov


  • Army

      Pamphlet 25-2-16: Communications Security         

      (3) Only NSA/Central Security Services-approved COMSEC products and services (to include Commercial Solutions for Classified (CSfC) and cryptographic high value property (CHVP)) will be used to secure National Security Information (NSI) and systems; (4) Only NSA-approved cryptographic products and solutions that have been endorsed by the Chief Information Officer (CIO)/G–6, Cybersecurity Directorate (SAIS–CB) and listed in the Army Information Systems Security Program Application (ISSPA) will be used for the protection of classified information. Learn more at army.mil

      Army Regulation 25-2: Information Management - Army Cyber Security Data Security  

      On behalf of the AO, AODRs, and ISSMs will … 7) Safeguard information and records (data) in accordance with applicable NIST, DOD, and Army issuances. Required activities include … d) Leverage protective processes and tools to secure data at conception, in transit, at rest, and throughout the entire life cycle.
      (e) 1) For IT that processes classified information, use only COMSEC, CHVP, or Commercial Solutions for Classified products and services approved by the National Security Agency/Central Security Service (NSA/CSS). Learn more at army.mil



  • CNSS

      CNSSP No. 28: Cybersecurity Of Unmanned National Security Systems

      National Security Agency (NSA)-approved cryptographic algorithms and techniques, implementations, keying material, digital certificates, and associated security architectures must be used wherever cryptography or cryptographic techniques are needed in unmanned systems per CNSSP No. 15, Use of Public Standards for Secure Information Sharing (Reference g), and, in the case of commercial solutions implementation, CNSSP No. 7, Policy on the Use of Commercial Solutions to Protect National Security Systems (Reference h). Learn more at cnss.gov


General Dynamics NSA CERTIFIED DATA AT REST ENCRYPTORS

Our family of ProtecD@R Data at Rest Encryptors is designed specifically to address mission requirements and reduce risk management.

ProtecD@R Multi-Platform Encryptor (KG-204)

Top Secret and Below

Protect information on manned & unmanned surveillance platforms and other high risk locations  

ProtecD@R PC Encryptor (DaR-400)

Secret and Below CHVP

Hard drive encryption for mobile laptop use or embedment into desktop towers

ProtecD@R Embedded (DaR-400E)

Secret and Below CHVP

Data at rest protection for ruggedized VITA applications and tactical platforms

ProtecD@R High Speed (KG-540A)

Top Secret and Below

High Speed InfiniBand Data at Rest Security for Airborne Applications 

ProtecD@R High Speed (KG-540B)

Top Secret and Below

High Speed InfiniBand Data at Rest Security for Ground-based Applications