Once again, there’s a call from the White House to government agencies to implement multi-factor authentication (MFA) and encryption to secure data at rest (DAR). Securing DAR is crucial to improving overall cybersecurity and fundamental to zero trust environments.
If you recall, on May 12, 2021 President Biden signed the Executive Order on Improving the Nation’s Cybersecurity. The May 2021 EO called for the Federal Government to enhance the nation’s ability “to identify, deter, protect against, detect, and respond to” cyberattacks and their perpetrators. The EO specifically called out the need to encrypt and provide multi-factor authentication (MFA) to increase DAR security.
Today, January 19, 2022, President Biden issued a Memorandum on Improving the Cybersecurity of National Security, Department of Defense, and Intelligence Community Systems. In this memorandum, implementation guidelines and timelines are spelled out for managers of national security systems (NSS).
(Let’s take a quick detour to define NSS. The U.S. Code defines a national security system as an agency information system that
- involves intelligence activities,
- involves cryptologic activities related to national security,
- involves command and control of military forces,
- involves equipment that is an integral part of a weapon or weapons system, or
- is critical to the direct fulfillment of military or intelligence missions.
The guidelines also apply to similar systems under the control of the DoD.)
Again, MFA and encryption requirements for securing data at rest are called out in Section 1 (b) (iii) of the memorandum:
Within 180 days of the date of this memorandum, agencies shall implement multifactor authentication and encryption for NSS data-at-rest and data-in-transit.
180 days from now is mid-July.
DIGISTOR SED/SSD Solutions
DIGISTOR customers can choose from a variety of secure self-encrypting drives (SEDs), depending on program or organizational requirements. Our AES 256-bit SEDs are easily integrated into endpoint devices such as laptops, desktop workstations, and other edge devices that require secure data storage.
Citadel™ SSDs. Citadel is the only COTS self-encrypting drive in the industry that has built-in, hardware-based:
- Common Criteria (CC) certified pre-boot authentication (PBA),
- authorization acquisition (AA),
- and encryption engine (EE).
In addition to the above features, Citadel SSDs provide multi-factor authentication.
With the cybersecurity features built into the secure Citadel SSD itself, it is not dependent on host operating systems and performs all its tasks at hardware speeds. In addition, Citadel SSDs are CSfC-ready and FIPS 140-2 L2 certified.
C Series SSDs. The DIGISTOR C Series SSD lineup integrates our TCG Opal SSDs with Cigent security features that include multi-factor authentication and TCG Opal encryption. (FIPS 140-2 L2 versions coming soon.) With file access logging and crypto erase capabilities, C Series SSDs may be an optimal solution for endpoint protection.
Removable Drives for Physical Security
DIGISTOR customers can also choose from a variety of secure, removable storage solutions for those workflows or programs require secure data transport or physical security such as placing data storage devices into a safe or other physically secure location.
VaultDisk removables. The VaultDisk product lineup includes removable SSD options for Dell rugged laptops and desktops.
CRU removables. CRU, a DIGISTOR sister brand, has removable drive options for Dell and HP computers, as well as drones, vehicles, and many other applications.
Of course, these removable drives can include Citadel or C Series secure SEDs so data is protected inside and outside of the drive’s host system.
When a secure DAR solution needs
- Multi-factor authentication
- Encryption, preferably hardware encryption on the SSD itself
- Ability to integrate into off-the-shelf laptops and desktops
- Flexibility to build into edge devices
secure DIGISTOR SSDs are your best bet. Contact us to discuss your requirements.