Home page logo
/

basics logo Security Basics mailing list archives

Re: List of Full Disc Encryption products
From: "Saqib Ali" <docbook.xml () gmail com>
Date: Thu, 6 Jul 2006 09:28:17 -0700

On 7/5/06, Roger A. Grimes <roger () banneretcs com> wrote:
I don't believe your second sentence. Prove me wrong. What mandate says
that full hard drive encryption is mandatory versus just encrypting the
necessary files and folders?  Give me the law and subsection.

OK. See:
1) http://digg.com/security/U.S._gov_t_mandates_laptop_security
2) http://www.whitehouse.gov/omb/memoranda/fy2006/m06-16.pdf

Bullet #1 from the PDF reads:
1) Encrypt "all" data on mobile computers/devices which carry agency
data unless the data is determined to be non-sensitive, in writing, by
your Deputy Secretary or an individual he/she may designate in
writing;

So encrypting certain files on the laptop will NOT suffice. You have
to encrypt "All Data".

If you are NOT encrypting partial data on the device, you have to get
an written exception from the Deputy Secretary.



--
Saqib Ali, CISSP, ISSAP
Support http://www.capital-punishment.net
-----------
"I fear, if I rebel against my Lord, the retribution of an Awful Day
(The Day of Resurrection)" Al-Quran 6:15
-----------

---------------------------------------------------------------------------
This list is sponsored by: SensePost

Hacking, like any art, will take years of dedicated study and practice to master. We can't teach you to hack. But we can teach you what we've learned so far. Our courses are honest, real, technical and practical. SensePost willl be at Black Hat Vegas in July. To see what we're about, visit us at:
http://www.sensepost.com/training.html
---------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault