DATA AT REST (DAR) ENCRYPTION SOLUTION WAIVERS UNCLASSIFIED

UNCLASSIFIED//

ATTENTION INVITED TO  

ROUTINE

R 191626Z MAY 11 PSN 404610K15

FM CNO WASHINGTON DC

TO NAVADMIN
ZEN//OU=DOD/OU=NAVY/OU=ADDRESS LISTS(UC)/CN=AL NAVADMIN(UC) ZEN/CNO WASHINGTON 
DC

BT
UNCLAS
QQQQ

SUBJ: DATA AT REST (DAR) ENCRYPTION SOLUTION WAIVERS UNCLASSIFIED// FM CNO 
WASHINGTON DC //N2N6// TO NAVADMIN UNCLAS// NAVADMIN 172/MAY 11//

MSGID/GENADMIN/CNO WASHINGTON DC/MAY 11//

SUBJ/DATA AT REST (DAR) ENCRYPTION SOLUTION WAIVERS//



REF/A/DOC/DOD MEMO/23JUL07//

REF/B/DOC/GENERAL SERVICES ADMINISTRATION (GSA)/18JUN07//

REF/C/MSG/DON CIO WASHINGTON DC/091256Z OCT07//

REF/D/MSG/DON CIO WASHINGTON DC/312021Z JAN09//

REF/E/DOC/DON CIO MEMO/18SEP09//

REF/F/MSG/CNO WASHINGTON DC/071633Z DEC 09//

NARR/REF A IS DEPARTMENT OF DEFENSE (DOD) POLICY MEMO, ENCRYPTION OF  
SENSITIVE UNCLASSIFIED DATA AT REST (DAR) ON MOBILE COMPUTING  DEVICES AND 
REMOVABLE STORAGE MEDIA USED WITHIN THE DOD.  REF B IS  GENERAL SERVICES 
ADMINISTRATION (GSA) ANNOUNCEMENT OF DOD ENTERPRISE  SOFTWARE INITIATIVE (ESI) 
AND SMART BUY DAR BLANKET PURCHASE  AGREEMENT AWARDS.  REF C IS DON DAR 
ENTERPRISE SOLUTION PURCHASE AND  WAIVER GUIDANCE.  REF D ANNOUNCES THE 
AVAILABILITY OF THE DON DAR  ENTERPRISE SOLUTION FOR USE ON ALL NON-NAVY AND 
MARINE CORPS  INTRANET (NMCI) ASSETS.  REF E IS DEPARTMENT OF NAVY CHIEF  
INFORMATION OFFICER (DON CIO) WAIVER TO U.S. NAVY TO EMPLOY THE NMCI  DAR 
ENCRYPTION SOLUTION.  REF F IS NAVY ENTERPRISE DAR  IMPLEMENTATION GUIDANCE.// 
POC/CDR JULIE ROSATI/OPNAV N2N6F15 (INFORMATION ASSURANCE)/LOC:
 WASHINGTON, DC/EMAIL: JULIANA.ROSATI(AT)NAVY.MIL/TEL: 571-256-8523//

RMKS/1.  PER REF A, ALL UNCLASSIFIED DAR THAT HAS NOT BEEN APPROVED  FOR 
PUBLIC RELEASE AND IS STORED ON MOBILE COMPUTING DEVICES AND  REMOVABLE 
STORAGE MEDIA SHALL BE TREATED AS SENSITIVE DATA AND  ENCRYPTED USING 
COMMERCIALLY AVAILABLE ENCRYPTION TECHNOLOGY.  THIS  DON CIO AND DEPUTY DON 
CIO NAVY (DDCIO(N)) COORDINATED MESSAGE  PROVIDES AN UPDATE TO PREVIOUS 
GUIDANCE PROMULGATED IN REFS B  THROUGH F AND OUTLINES A DAR ENCRYPTION 
SOLUTION WAIVER PROCESS.

2.  RECENT REQUESTS TO WAIVE REQUIREMENTS FOUND IN REFS D AND E HAVE  
HIGHLIGHTED THE NEED FOR USE OF DAR ENCRYPTION SOLUTIONS OTHER THAN  THOSE 
CURRENTLY APPROVED BY THE DON.  NEITHER THE DAR ENCRYPTION  SOLUTION CURRENTLY 
EMPLOYED ON NMCI (GUARDIAN EDGE), NOR THE DON'S  ENTERPRISE DAR ENCRYPTION 
SOLUTION (MOBILE ARMOR) IS COMPATIBLE WITH  UNIX, LINUX, RED HAT ENTERPRISE 
LINUX (RHEL) AND MOBILE SYSTEMS  USING WINDOWS 2003 SERVER OPERATING SYSTEMS.  
THUS, UNTIL THE DON  APPROVED ENCRYPTION SOLUTIONS ARE CAPABLE OF SUPPORTING 
UNIX, LINUX,  RED HAT ENTERPRISE LINUX (RHEL) OR MOBILE SYSTEMS USING WINDOWS 
2003  SERVER OPERATING SYSTEMS, SYSTEM/NETWORK OWNERS ARE AUTHORIZED TO  USE 
LINUX UNIFIED KEY SETUP-ON-DISK-FORMAT (LUKS) OR WINMAGIC AS  VIABLE 
ALTERNATIVES.  THESE ALTERNATIVE DAR ENCRYPTION SOLUTIONS ARE  PROVIDED TO 
MEET REQUIREMENTS SPECIFIED IN REF A.  PURCHASING OF DAR  ENCRYPTION SOLUTIONS 
SHALL BE PER PROPER PROCUREMENT PROCEDURES.
 THIS MESSAGE SUPERCEDES PREVIOUS DAR SOLUTION WAIVER GUIDANCE  PROMULGATED IN 
REF C.  SUBMISSION OF WAIVER REQUESTS TO EMPLOY ANY  OTHER DAR ENCRYPTION 
SOLUTION SHALL FOLLOW THE PROCEDURES DESCRIBED  IN PARAGRAPH THREE BELOW.

3.  DAR ENCRYPTION SHALL BE IMPLEMENTED ON ALL UNCLASSIFIED DAR THAT  HAS NOT 
BEEN APPROVED FOR PUBLIC RELEASE AND IS STORED ON MOBILE  COMPUTING DEVICES 
AND REMOVABLE STORAGE MEDIA.  THIS INCLUDES  DESKTOPS, LAPTOPS AND OTHER 
MOBILE COMPUTING DEVICES (E.G.,  BLACKBERRY).  COMMANDS THAT NEED TO PROCURE 
AND IMPLEMENT DAR  ENCRYPTION SOLUTIONS OTHER THAN THOSE IDENTIFIED IN REFS D 
AND E, OR  THE ALTERNATIVES IN PARAGRAPH TWO ABOVE, SHALL SUBMIT A WAIVER  
REQUEST TO THE DDCIO(N) THROUGH THEIR ECHELON II CIO.  WAIVER  REQUESTS SHALL 
BE SIGNED BY THE FIRST FLAG OFFICER OR SENIOR  EXECUTIVE (SES) IN THE 
REQUESTING COMMAND'S CHAIN.  SUBMIT WAIVER  REQUESTS IN MEMO FORMAT AND 
INCLUDE THE FOLLOWING:
A.  DETAILED TECHNICAL REPORT EXPLAINING WHY THE CURRENT DON APPROVED 
SOLUTIONS DO NOT MEET THE COMMAND'S COMPUTING ENVIRONMENT  REQUIREMENTS.
B.  DESCRIPTION OF THE VULNERABILITY AND RISK TO THE DATA CONTAINED  ON THE 
MOBILE DEVICES IF A DAR ENCRYPTION SOLUTION IS NOT USED.
C.  DESCRIPTION AND COST ANALYSIS HIGHLIGHTING WHY THE SYSTEM CANNOT  BE 
CONFIGURED TO BE COMPATIBLE WITH CURRENT DON APPROVED DAR ENCRYPTION 
SOLUTIONS.
D.  DESCRIPTION OF THE PROPOSED SOLUTION. INDICATE WHETHER OR NOT THE PROPOSED 
SOLUTION IS ON THE GSA-APPROVED PRODUCTS LIST OF DAR  ENCRYPTION SOLUTIONS AND 
PROVIDE ITS FEDERAL INFORMATION PROCESSING STANDARDS
 (FIPS)
140-2 CERTIFICATION STATUS. IF THE PROPOSED SOLUTION IS NOT ON THE
 GSA-
APPROVED PRODUCTS LIST OF DAR SOLUTIONS, DESCRIBE WHY A GSA-APPROVED  PRODUCT 
WILL NOT SATISFY THE COMMAND'S COMPUTING ENVIRONMENT REQUIREMENTS.
E.  DETAILED TECHNICAL PLAN OF ACTION AND MILESTONES (POAM) TO FULLY IMPLEMENT 
THE PROPOSED SOLUTION, INCLUDING INTEROPERABILITY  REQUIREMENTS AND THE 
PROPOSED TRAINING AND STAFFING STRATEGY.
F.  DESCRIPTION OF BUDGETING AND LIFE CYCLE SUPPORT PLANS FOR THE  PROPOSED 
SOLUTION.
G.  MIGRATION POAM, IF THE SYSTEM WILL EVENTUALLY MOVE INTO THE NAVAL 
NETWORKING ENTERPRISE AND THUS BE SUPPORTED BY A DON APPROVED SOLUTION.

4.  REQUEST WIDEST DISSEMINATION OF THIS MESSAGE.

5.  RELEASED BY VADM DAVID J. DORSETT, DCNO FOR INFORMATION  DOMINANCE, 
N2N6.//

BT
#9891
NNNN
UNCLASSIFIED//

%d bloggers like this: