Department of Navy Chief Information Officer - News: Protecting PII on Removable Storage Devices

Audit Readiness of IT Systems (0)	DIACAP (12)	Information Sharing (48)	Open Source (3)
Awards (35)	DON Enterprise Architecture (49)	IT Asset Management (20)	Performance Measurement (2)
Business Case Analysis (11)	Enterprise Licensing Agreements (12)	IT Efficiencies (119)	Personal Electronic Device (17)
CIO Authorities (56)	Enterprise Services (35)	IT Expenditure Approval Authority (12)	Printing and Imaging (Copiers/MFDs) (17)
Civil Liberties (21)	Enterprise Software Initiative (32)	IT Governance (48)	Privacy (257)
Clinger-Cohen Act Compliance (25)	FISMA (11)	IT Infrastructure (17)	Public Key Infrastructure (19)
Cloud Computing (21)	Forms/Reports (14)	IT Investment Management (77)	Records Management (38)
Common Access Card (9)	Freedom of Information Act (27)	IT Portfolio Management (1)	Section 508 (10)
Cybersecurity (240)	Functional Area Manager (9)	Knowledge Management (34)	Social Media (31)
Cyberspace/IT Workforce (34)	GIG Standards (20)	Naval Enterprise Networks (38)	Spectrum (56)
DADMS/DITPR-DON (42)	Green IT (10)	Naval Networking Environment (12)	Statutory & Regulatory Compliance (11)
Data at Rest (10)	Identity Management (112)	NGEN (18)	Telecommunications (62)
Data Center Consolidation (37)	IM/IT Strategy (44)	NMCI (27)	Wireless (65)
Data Strategy (12)	Information Assurance (63)

Protecting PII on Removable Storage Devices

By DON CIO Privacy Team - Published, February 25, 2010

The Department of the Navy, Department of Defense and Office of Management and Budget (OMB) have mandated the protection of data at rest (DAR) on all unclassified network seats/devices. NMCI is implementing a solution using GuardianEdge Encryption Anywhere and Removable Storage software to meet these requirements. All data in computer storage as well as data written to a removable storage device will be encrypted. This Privacy Tip highlights the need for NMCI users to fully protect privacy sensitive data on removable storage devices.

The information below was modified from the NMCI Homeport web site guidance found at: https://www.homeport.navy.mil/management/data-at-rest/. Other DON networks are implementing DON-approved DAR solutions and may have slightly different data security processes.

DAR refers to all data in computer storage. This includes data on desktop and laptop hard drives. The drives are fully encrypted including data files that were stored prior to DAR implementation. Lost, stolen or missing laptop and desktop computers that have been pushed DAR security software and that have unclassified personally identifiable information (PII) stored to the hard drive are considered low-risk security breaches but must still be reported in accordance with the DON breach reporting policy.

Data residing on all removable storage devices such as external Universal Serial Bus (USB) hard drives, floppy disks, flash drives (thumb drives), compact discs (CDs), digital video discs (DVDs), and BlackBerry devices are encrypted under the following conditions:

Once you connect a removable storage device to an NMCI seat's USB port, the GuardianEdge Removable Storage (GERS) utility is copied to the device.
Data saved or copied from an NMCI seat to a removable storage device with GuardianEdge installed is encrypted. Data existing on a removable storage device before GuardianEdge is installed is left unencrypted. However, this removable storage data is encrypted when it is modified in any way after GuardianEdge is installed.
When connecting your removable storage device to a computer without GuardianEdge installed, you can use the GERS utility to decrypt or re-encrypt your removable storage data.

More detailed instructions for working with the GuardianEdge removable storage solution can be found on the NMCI Homeport. Instructions include:

Setting a Default Password for Removable Storage in GuardianEdge
Setting a Default Certificate for Removable Storage in GuardianEdge
Copying Encrypted Data to a Removable Storage Device
Burning an Encrypted CD or DVD Using GuardianEdge
Decrypting Removable Storage Device Data using the GuardianEdge Utility
Encrypting Removable Storage Device Data using the GuardianEdge Utility

TAGS: Cybersecurity, DAR, Privacy

Processing of Electronic Storage Media for Disposal

DON Public Affairs Policy and Regulations

Safeguarding Personally Identifiable Information

DON Privacy Impact Assessment Guidance

DON CIO Information

Online Services & Community

RSS Feeds

DON CIO FOIA

DON CIO Mobile Website

Website Accessibility

External Links Disclaimer

SECNAV DON CIO • 1000 Navy Pentagon
Washington, DC 20350-1000

This is an official U.S. Navy website (DoD Resource Locator 45376) sponsored by the Department of the Navy Chief Information Officer (DON CIO). The purpose of this website is to facilitate effective information flow about information management/information technology and cybersecurity issues and initiatives occuring within the Department of the Navy.

Please read our Privacy Policy notice.
Please read our Section 508/Accessibility Statement.

Trending

Protecting PII on Removable Storage Devices

By DON CIO Privacy Team - Published, February 25, 2010

TAGS: Cybersecurity, DAR, Privacy

DON CIO Information

Online Services & Community