Encrypt sensitive data (e.g., FOUO, Privacy Act information) stored on remote access/telework clients using a whole disk encryption method. The encryption system is on the Data at Rest (DAR) approved products list or is FIPS 140-2 overall Level 1 or 2 validated (as directed by the DAA based on the sensitivity of the data).

From Remote Endpoint STIG

Part of SRC-EPT-570 File encryption for DAR

Associated with IA controls: ECSC-1

Rule ID: SV-6815r1_rule

Vulnerability discussion

The July 3, 2007 DoD Policy Memorandum "Encryption of Sensitive Unclassified Data at Rest on Mobile Computing Devices and Removable Storage Media" requires that remote and mobile drives be encrypted using FIPS 140-2 modules. With a few exceptions, products must be procured from the DAR contract: DoD Components must purchase DAR encryption products to protect DoD DAR on mobile computing devices and removable storage media through the ESI or GSA SmartBuy BPAs. The exceptions are encryption products that are FIPS 140-2 compliant and included as an integral part of other products, such as Vista BitLocker, or cryptographic modules approved by NSA (with a formal NSA Approval Letter).

Check content

This check verifies use of an approved encryption product to protect data on client devices used for remote access. The site should provide documentation of compliance. The site may also provide documentation that the product is on the approved Data at Rest (DAR) products list. To verify encryption is configured on the remote endpoints, check the configuration of the operating system. If either an approved product is not used or it is not configured for use on the devices, this is a finding.
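One way to perform the operating-system part of this check on a Windows client whose approved product is BitLocker (the product the vulnerability discussion names). This is an added audit script, not part of the STIG text or any DISA tool; it assumes a Windows 8 / Server 2012 or later client with the BitLocker PowerShell module, an elevated session, and that the list of acceptable encryption methods in `$ApprovedMethods` matches what the DAA has approved for the site.

```powershell
# Added example (not from the STIG): audit a Windows client for whole disk
# encryption as the check content describes. Assumes the BitLocker module
# (Get-BitLockerVolume) is available and the session is elevated.
#Requires -RunAsAdministrator

function Test-DarEncryptionCompliance {
    [CmdletBinding()]
    param(
        # Encryption methods accepted at this site (assumption; align with the DAA's approval).
        [string[]]$ApprovedMethods = @('Aes128', 'Aes256', 'XtsAes128', 'XtsAes256')
    )

    $findings = @()

    # 1. Every volume BitLocker knows about must be fully encrypted, with
    #    protection turned on (not suspended) and an approved algorithm.
    $volumes = Get-BitLockerVolume
    if (-not $volumes) {
        $findings += 'No BitLocker volumes reported; whole disk encryption is not configured.'
    }
    foreach ($v in $volumes) {
        $label = "$($v.MountPoint) ($($v.VolumeType))"
        if ($v.VolumeStatus -ne 'FullyEncrypted') {
            $findings += "${label}: VolumeStatus is $($v.VolumeStatus), expected FullyEncrypted."
        }
        if ($v.ProtectionStatus -ne 'On') {
            # Encrypted but suspended: the key is stored in the clear, so data is not protected.
            $findings += "${label}: ProtectionStatus is $($v.ProtectionStatus), expected On."
        }
        if ($v.EncryptionMethod -notin $ApprovedMethods) {
            $findings += "${label}: EncryptionMethod $($v.EncryptionMethod) is not in the approved list."
        }
    }

    # 2. FIPS 140-2 mode: the LSA FipsAlgorithmPolicy\Enabled value must be 1 so the
    #    system (BitLocker included) restricts itself to FIPS-validated implementations.
    $fipsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
    $fips = Get-ItemProperty -Path $fipsKey -Name Enabled -ErrorAction SilentlyContinue
    if (-not $fips -or $fips.Enabled -ne 1) {
        $findings += "FIPS algorithm policy is not enabled ($fipsKey\Enabled is not 1)."
    }

    # Return an object rather than printing, so results can be collected across hosts.
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Compliant    = ($findings.Count -eq 0)
        Findings     = $findings
    }
}

# Usage: run on the endpoint; any entry in Findings is a finding for this rule.
Test-DarEncryptionCompliance | Format-List
```

The script covers only the configuration half of the check: a compliant result shows BitLocker is fully enabled with protection on and the host is in FIPS mode, but whether the product itself is on the DAR approved products list or carries a FIPS 140-2 validation still has to come from the site's documentation, as the check content says.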

Fix text

Ensure sensitive data is encrypted using an approved encryption product.
