Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: List of Full Disc Encryption products

From: "Saqib Ali" <docbook.xml () gmail com>
Date: Thu, 6 Jul 2006 09:28:17 -0700
On 7/5/06, Roger A. Grimes <roger () banneretcs com> wrote:

I don't believe your second sentence. Prove me wrong. What mandate says
that full hard drive encryption is mandatory versus just encrypting the
necessary files and folders?  Give me the law and subsection.


OK. See:
1) http://digg.com/security/U.S._gov_t_mandates_laptop_security
2) http://www.whitehouse.gov/omb/memoranda/fy2006/m06-16.pdf

Bullet #1 from the PDF reads:
1) Encrypt "all" data on mobile computers/devices which carry agency
data unless the data is determined to be non-sensitive, in writing, by
your Deputy Secretary or an individual he/she may designate in
writing;

So encrypting certain files on the laptop will NOT suffice. You have
to encrypt "All Data".

If you are NOT encrypting partial data on the device, you have to get
an written exception from the Deputy Secretary.



--
Saqib Ali, CISSP, ISSAP
Support http://www.capital-punishment.net
-----------
"I fear, if I rebel against my Lord, the retribution of an Awful Day
(The Day of Resurrection)" Al-Quran 6:15
-----------

---------------------------------------------------------------------------
This list is sponsored by: SensePost
Hacking, like any art, will take years of dedicated study and practice to master. We can't teach you to hack. But we can teach you what we've learned so far. Our courses are honest, real, technical and practical. SensePost willl be at Black Hat Vegas in July. To see what we're about, visit us at: 
http://www.sensepost.com/training.html
---------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: