Protecting PII on Removable Storage Devices
By DON CIO Privacy Team - Published, February 25, 2010
The Department of the Navy, Department of Defense and Office of Management and Budget (OMB) have mandated the protection of data at rest (DAR) on all unclassified network seats/devices. NMCI is implementing a solution using GuardianEdge Encryption Anywhere and Removable Storage software to meet these requirements. All data in computer storage, as well as data written to a removable storage device, will be encrypted. This Privacy Tip highlights the need for NMCI users to fully protect privacy-sensitive data on removable storage devices.
The information below was modified from the NMCI Homeport web site guidance found at: https://www.homeport.navy.mil/management/data-at-rest/. Other DON networks are implementing DON-approved DAR solutions and may have slightly different data security processes.
DAR refers to all data in computer storage. This includes data on desktop and laptop hard drives. The drives are fully encrypted, including data files that were stored prior to DAR implementation. Lost, stolen or missing laptop and desktop computers that have received the DAR security software and have unclassified personally identifiable information (PII) stored on the hard drive are considered low-risk security breaches but must still be reported in accordance with the DON breach reporting policy.
Data residing on all removable storage devices, such as external Universal Serial Bus (USB) hard drives, floppy disks, flash drives (thumb drives), compact discs (CDs), digital video discs (DVDs), and BlackBerry devices, is encrypted under the following conditions:
- Once you connect a removable storage device to an NMCI seat's USB port, the GuardianEdge Removable Storage (GERS) utility is copied to the device.
- Data saved or copied from an NMCI seat to a removable storage device with GuardianEdge installed is encrypted. Data already on a removable storage device before GuardianEdge is installed is left unencrypted. However, that pre-existing data is encrypted when it is modified in any way after GuardianEdge is installed.
- When connecting your removable storage device to a computer without GuardianEdge installed, you can use the GERS utility to decrypt or re-encrypt your removable storage data.
More detailed instructions for working with the GuardianEdge removable storage solution can be found on the NMCI Homeport. Instructions include:
- Setting a Default Password for Removable Storage in GuardianEdge
- Setting a Default Certificate for Removable Storage in GuardianEdge
- Copying Encrypted Data to a Removable Storage Device
- Burning an Encrypted CD or DVD Using GuardianEdge
- Decrypting Removable Storage Device Data using the GuardianEdge Utility
- Encrypting Removable Storage Device Data using the GuardianEdge Utility