The Information Secure Office (ISO) has approved several methods of complying with policy for encrypting sensitive data on removable media. The preferred method of accomplishing this is using WinMagic SecureDoc, the enterprise whole disk encryption product available through ITS.
...
Encryption Technology | Escrow Method | Operating System(s) Supported | Encrypts entire media? | Cost | More Information |
|---|---|---|---|---|---|
WinMagic SecureDoc | SecureDoc Enterprise Server | Windows, Linux | Yes | None | |
Microsoft Bitlocker To Go (1) | Active Directory (in some cases), Stache | Windows 7 / , Windows 2008 R2, and newer | Yes | None | http://technet.microsoft.com/en-us/library/dd630628%28WS.10%29.aspx |
Apple FileVault 2 | Stache | Mac OS X 10.7+ | Yes | None | |
Apple Encrypted Disk Images | Stache | Mac OS X | No | None | |
TrueCrypt 7.1a (2) | Stache | Windows 7/Vista/XP, Mac OS X, and Linux | No | None | No longer approved for new deployments after May 2014. See footnote (2) below. |
FIPS 140-2 Level 3 certified hardware-encrypted USB drives (3) | Stache | Varies | Varies | Yes | Examples of FIPS 140-2 Level 3 certified devices: |
(1) BitLocker To Go is only available with Windows 7 and Windows 2008 R2, however Windows XP SP3 and above can be used with BitLocker To Go encrypted removable media in read-only mode when the BitLocker To Go Reader application is installed. The BitLocker To Go Reader is packaged on BitLocker To Go protected removable media automatically.
(2) As of May 2014, TrueCrypt has been officially abandoned by the developers. Version 7.1a (no longer available from the official site) is the last version capable of encrypting data. Usage of TrueCrypt is approved only for existing deployments, contingent upon the outcome of the ongoing third-party audit of the product. TrueCrypt is not approved for and must not be used with new deployments, starting May 2014.
(3) FIPS 140-2 Level 2 compliance only requires that devices use a known good encryption algorithm and be resistant to tampering. It does not address how the encryption is implemented, keys are managed, or users are authenticated. Ultimately, this means that the standard covers very little of what actually makes a device secure (or not). FIPS Level 2 compliant devices from SanDisk and Kingston have been compromised in the past due to improper key handling and poor user authentication mechanisms. FIPS 140-2 Level 3 is far more rigorous and comprehensive.
Copyright © 2001-2011 Information Technology Services. All rights reserved.