Tuesday, April 01, 2008

DATA AT REST ENCRYPTION FOR MOBILE COMPUTING DEVICES AND REMOVABLE STORAGE MEDIA

Date Signed: 12/14/2007
MARADMIN Number: 732/07

UNCLASSIFIED//
MARADMIN 732/07
142229Z DEC 07
MSGID/GENADMIN/CMC WASHINGTON DC/C4 IA//
SUBJ/DATA AT REST ENCRYPTION FOR MOBILE COMPUTING DEVICES AND REMOVABLE STORAGE MEDIA//
REF/A/-/FIPS PUB 140-2 SEC CRYPTO MODS/-//
REF/B/MSGID:GENADMIN/DON CIO WASHINGTON DC/091256C//
NARR/REF A PROVIDES A FEDERAL STANDARD THAT SPECIFIES SECURITY REQUIREMENTS THAT WILL BE SATISFIED BY A CRYPTOGRAPHIC MODULE. REF B IS THE DEPARTMENT OF THE NAVY GUIDANCE ON ENCRYPTION OF SENSITIVE UNCLASSIFIED DATA AT REST.//
POC/JOSEPH S UCHYTIL/MAJ/HQMC C4 IA/TEL: 703-693-3490/EMAIL:JOSEPH.UCHYTIL@USMC.MIL//
POC/JOSEPH PETTO/GS14/UNIT:MCNOSC/NAME: 703-784-4156/EMAIL:JOESEPH.PETTO@USMC.MIL//
GENTEXT/REMARKS/1. THE TREND TOWARDS HIGHLY MOBILE COMPUTING AND REMOVABLE STORAGE MEDIA WITHIN THE DEPARTMENT OF DEFENSE (DOD) HAS MADE THE PROTECTION OF DATA AT REST (DAR) A TOPIC OF GREAT CONCERN. THE ABILITY TO EFFECTIVELY AND EFFICIENTLY PROTECT SENSITIVE DATA ON MOBILE COMPUTING DEVICES AND REMOVABLE STORAGE MEDIA HAS SEEN INCREASED ATTENTION DUE TO COMPROMISES OF PERSONALLY IDENTIFIABLE INFORMATION (PII) THROUGH THE LOSS OF LAPTOPS, FLASH DRIVES AND PORTABLE ELECTRONIC DEVICES (PED). DUE TO INCREASED COMPROMISE OF PII, THE DOD ASSEMBLED ALL THE SERVICES AND AGENCIES TO IDENTIFY A SOLUTION SET OF ENCRYPTION PRODUCTS THAT COULD BE USED THROUGHOUT THE DOD TO PROTECT SENSITIVE AGENCY INFORMATION. THE GROUP WAS NAMED THE DATA AT REST TIGER TEAM (DARTT). THROUGH TECHNICAL DISCUSSIONS AND POLICY REVIEW, THE DARTT WAS ABLE TO PROVIDE AN APPROVED PRODUCTS LIST (APL) THROUGH THE ENTERPRISE SOFTWARE INITIATIVE (ESI) BLANKET PURCHASE AGREEMENT (BPA) FOR USE THROUGHOUT THE DOD. IAW REF B, ANY PROCUREMENTS OF DAR ENCRYPTION PRODUCTS MUST BE MADE THROUGH THE DOD ESI BPA. DUE TO INTEROPERABILITY, MAINTENANCE AND PROCUREMENT CONCERNS, THE MARINE CORPS WILL LOOK TO IMPLEMENT AN ENTERPRISE WIDE SOLUTION FOR DAR ENCRYPTION IAW REF B. FOR PURPOSES OF THIS MARADMIN, SENSITIVE UNCLASSIFIED DAR IS DEFINED AS ANY INFORMATION THAT HAS NOT BEEN APPROVED FOR PUBLIC RELEASE. ADDITIONALLY, DAR IS ONLY THAT INFORMATION WHICH IS RESIDENT IN MEMORY OR STORAGE AND NOT IN TRANSIT (I.E. EMAIL). DATA IN TRANSIT WILL CONTINUE TO BE PROTECTED THROUGH THE USE OF TECHNOLOGIES SUCH AS PUBLIC KEY INFRASTRUCTURE (PKI) ENCRYPTION AND SECURE SOCKET LAYER (SSL) PROTOCOL, ETC., AND IS NOT APPLICABLE TO THIS POLICY. MOBILE COMPUTING DEVICES AND REMOVABLE STORAGE MEDIA ARE DEFINED IAW REF B.
2. POLICY. IAW REF B THE BELOW REQUIREMENTS ARE EFFECTIVE IMMEDIATELY.
A. ALL SENSITIVE UNCLASSIFIED DAR ON MOBILE COMPUTING DEVICES AND REMOVABLE STORAGE MEDIA MUST BE ENCRYPTED THROUGH CURRENTLY APPROVED METHODS. WHEN AVAILABLE, USE OF THE MARINE CORPS ENTERPRISE NETWORK (MCEN) DAR ENCRYPTION SOLUTION WILL BE MANDATORY.
B. HOLD ALL PURCHASES OF DAR ENCRYPTION TECHNOLOGIES IN ABEYANCE UNTIL A MCEN SOLUTION IS DETERMINED. SHOULD A COMMAND OR UNIT, THROUGH OPERATIONAL NECESSITY, REQUIRE A DAR ENCRYPTION SOLUTION PRIOR TO THE MCEN SOLUTION DETERMINATION, SUBMIT REQUESTS TO HQMC, C4. REQUESTS WILL BE EVALUATED ON A CASE BY CASE BASIS. UNTIL A MCEN SOLUTION IS DETERMINED, WINZIP 9.0, MICROSOFT ENCRYPTING FILE SYSTEM (EFS) OR ANY PREVIOUSLY APPROVED PRODUCT THAT MEETS THE REQUIREMENTS FOR ENCRYPTION TECHNOLOGIES IAW REF A IS AUTHORIZED FOR DAR ENCRYPTION. ONCE A MCEN SOLUTION IS DETERMINED, ALL OTHER MEANS OF DAR ENCRYPTION WILL NO LONGER BE AUTHORIZED.
C. ALL NEWLY PROCURED COMPUTER ASSETS (DESKTOPS, LAPTOPS, PEDS, SERVERS ETC.) MUST INCLUDE A TRUSTED PLATFORM MODULE (TPM) VERSION 1.2 OR HIGHER, WHERE SUCH TECHNOLOGY IS AVAILABLE.
D. COMMANDS ARE RESPONSIBLE FOR PUBLISHING LOCAL PROCEDURES FOR COMPLYING WITH THIS MARADMIN. ENCRYPTION OF DAR SHOULD NOT PRECLUDE LOCAL COMMANDS FROM ESTABLISHING SECURITY POLICIES AND PROPER HANDLING PROCEDURES FOR INFORMATION TECHNOLOGY RESOURCES.
3. WHILE THE FOCUS OF THIS MARADMIN IS MOBILE COMPUTING DEVICES AND REMOVABLE STORAGE MEDIA, THE ULTIMATE GOAL WILL BE TO PROTECT ALL SENSITIVE UNCLASSIFIED DAR THROUGHOUT THE MCEN, TO INCLUDE DAR ON DESKTOPS, SERVERS AND BACKUP MEDIA ETC.
4. ADDITIONAL GUIDANCE WILL BE PUBLISHED VIA SEPCOR UPON DETERMINATION OF A MCEN DAR ENCRYPTION SOLUTION.
5. REQUEST WIDEST DISSEMINATION OF THIS MESSAGE.
6. RELEASE AUTHORIZED BY BGEN G.J. ALLEN, DIRECTOR, COMMAND, CONTROL, COMMUNICATIONS, AND COMPUTERS//

"Yigaquu osaniyu adanvto adadoligi nigohilvi nasquv utloyasdi nihi" Cherokee - "May the Great Spirit's blessings always be with you."
