
Sunday, 05/18/2008 12:33:19 PM

VERY IMPORTANT: March 19, 2008 DOD Update...

(What follows is a link to a DOD update/FAQ for the now-famous TPM-requiring memo of last year. The formatting is mine. PLEASE NOTE THE SPECIFIC REFERENCE TO THE SEAGATE FDE. So... now... with the recent official NSA qualification... in my opinion... what was a MANUAL PROCESS for getting Seagate FDEs is now FAR MORE STREAMLINED. End of debate. And END OF DISINFORMATION that was being spread last year by certain Wave competitors and bashers. ALSO NOTE THE CRITICALITY OF TPMS in the words of the DOD. Yeah, baby.)

http://iase.disa.mil/policy-guidance/faq_dar_encryption_policy_memo_18mar08_update-6_final.doc

INTRODUCTION

The following FAQs are provided as an aid in understanding and interpreting the July 3, 2007 DoD Policy Memorandum “Encryption of Sensitive Unclassified Data at Rest on Mobile Computing Devices and Removable Storage Media”. The list of questions is based on experiences and questions raised during the policy’s development, after the policy was signed, and after the JTF-GNO Communication Tasking Order (CTO 08-001) was published. Individual answers are not necessarily comprehensive and the list is obviously not exhaustive. This is a living document and additional questions will be added periodically when appropriate. Additional questions and/or clarifications should be forwarded to the POCs listed on the policy memo.

(SKIPPAGE TO RELEVANT QUESTIONS)

4. Is Microsoft’s EFS or Windows Vista DoD-approved for encrypting DAR?

At this time, Microsoft’s Encrypting File System (EFS) and Windows Vista BitLocker are not FIPS 140-2 validated, therefore they should not be used to encrypt unclassified data (not publicly releasable) on DoD mobile computing devices or removable storage media. Several DoD Components have used EFS as a stop-gap measure until the DARTT procurement process was completed, which represented an acceptable use of EFS. OMB and DoD now require FIPS 140-2 compliant encryption products, therefore Components using EFS will have to migrate to approved encryption products. If EFS or Vista BitLocker receive FIPS 140-2 validation, they will become an approved solution for encrypting DoD unclassified DAR. Other products that contain approved NSA cryptographic modules can also be used to encrypt DoD DAR. According to the 21 March 2007 DAR Encryption Acquisition Memo (signed by the Deputy DoD CIO), DAR encryption that is bundled into a larger, inclusive technology (such as BitLocker in Vista OS or Seagate encrypted hard drives in Dell laptops) can be purchased outside of the DARTT Blanket Purchase Agreements. It is an OMB and DoD requirement that all encryption products meet NIST FIPS 140-2 requirements or have an NSA Approval Letter for use in US Government networks.

5. Why is the Trusted Platform Module (TPM) being mandated in this memo?

The TPM paragraph was inserted into this memo to ensure all new DoD computer assets have this module since there are many future software products that will use the security features of the TPM. Supporting TPM is a desirable requirement at this time since many DoD components want to leverage its capabilities in the future for the protection of DAR on mobile computing devices. Legacy systems will not be required to be retrofitted with TPM. Based upon Service inputs, TPM is already being mandated by some Services, it’s readily available on the commercial market, and in most cases is standard on new computer equipment.
