Security Basics mailing list archives
Re: List of Full Disc Encryption products
From: "Stephen John Smoogen" <smooge () gmail com>
Date: Thu, 6 Jul 2006 16:57:48 -0600
On 7/6/06, Sadler, Connie <Connie_Sadler () brown edu> wrote:
I agree with Roger. Full drive encryption is not required for anything that isn't classified. At least I've never seen a requirement for it.
The latest OMB requirement http://www.whitehouse.gov/omb/memoranda/fy2006/m06-16.pdf Which states among a lot of other things: Encrypt all data on mobile computers/devices which carry agency data unless the data is determined to be non-sensitive, in writing, by your Deputy Secretary or an individual he/she may designate in writing; [End of Quote] The issue that is coming up is how 'data' is defined by an organization's security organization. Some are using the definition of what is in a file to be the stuff needing encrypted, thus file level encryption needed. Others are looking that the data may also exist in swap space and temp files also need to be encrypted and thus going for the entire disk encryption method. The definition of non-sensitive is also being defined rather small as the primary issue for the agencies is not to look bad. [Being able to say "yes the laptop is stolen but whatever on it is not easily gotten" is the answer that is being looked for versus "it contained a lot of sensitive stuff but was encrypted."] The 'end' goal will probably be to have all Federal government laptop drives (or laptops purchased/funded by Federal money) to have a hardware FIP-140-1 encryptor in place that can only be unlocked via 2 factor keyfob+password. -- Stephen J Smoogen. CSIRT/Linux System Administrator --------------------------------------------------------------------------- This list is sponsored by: SensePostHacking, like any art, will take years of dedicated study and practice to master. We can't teach you to hack. But we can teach you what we've learned so far. Our courses are honest, real, technical and practical. SensePost willl be at Black Hat Vegas in July. To see what we're about, visit us at:
http://www.sensepost.com/training.html ---------------------------------------------------------------------------
Current thread:
- Re: List of Full Disc Encryption products, (continued)
- Re: List of Full Disc Encryption products Ow Mun Heng (Jul 07)
- RE: List of Full Disc Encryption products Steve Armstrong (Jul 06)
- Re: List of Full Disc Encryption products Eric Furman (Jul 06)
- Re: List of Full Disc Encryption products Ow Mun Heng (Jul 06)
- Re: List of Full Disc Encryption products Ansgar -59cobalt- Wiechers (Jul 10)
- Message not available
- Re: List of Full Disc Encryption products Saqib Ali (Jul 06)
- RE: List of Full Disc Encryption products Roger A. Grimes (Jul 06)
- Re: List of Full Disc Encryption products Saqib Ali (Jul 06)
- RE: List of Full Disc Encryption products Roger A. Grimes (Jul 06)
- RE: List of Full Disc Encryption products Sadler, Connie (Jul 06)
- Re: List of Full Disc Encryption products Stephen John Smoogen (Jul 07)
- Re: List of Full Disc Encryption products Saqib Ali (Jul 06)
- RE: List of Full Disc Encryption products Roger A. Grimes (Jul 06)
- Re: List of Full Disc Encryption products Dereck Martin (Jul 07)
- RE: List of Full Disc Encryption products Roger A. Grimes (Jul 07)
- RE: List of Full Disc Encryption products Steve Armstrong (Jul 10)