[FDE] New DoD encryption mandate and TPM requirements
Bryan Glancey
bryan at mobilearmor.com
Fri Aug 17 10:03:57 MDT 2007
OK. Several people have again had questions, so let's further flesh this
out.
Please note: the fact that Mobile Armor is included on DARTT aside,
there are several other providers on DARTT - we are not the only one.
The original question that started this thread was:
8/16/2007 Saqib Ali wrote:
"John Grimes' (DOD chief information officer) July 3rd memo is
mandating encryption for all sensitive but unclassified information on
mobile devices in compliance with FIPS 140-2. "Mobile devices"
include laptops, PDAs, CDs, flash drives, etc.
See:
http://iase.disa.mil/policy-guidance/dod-dar-tpm-decree07-03-07.pdf
Also all new computer assets (servers, notebooks, desktops, PDAs) must
have TPM (if available). I guess this is good news for Wavesys
<http://www.wavesys.com/>. Wavesys is the only company that makes an
enterprise grade TPM management suite that can be centrally managed.
But I think more and more FDE vendors will now start supporting TPM
for encryption key management, and trusted device management."
My entire point is that the second part of the e-mail is correct, and
the first isn't (good news for Wavesys), under the following rationale:
The Grimes Memo, which perhaps we should post in its entirety, requires
future machines to have TPM. TPM was a Technical Requirement under DARTT
to store FDE keys, it was a desirable feature which all FDE vendors have
different answers for (some do it today).
Wave's solution will not benefit by this, because it does not manage any
of the DARTT selected software. I have personally been having
discussions about this with several DOD agencies, and have had this
confirmed.
So, if you are using TPM for some other purpose besides encryption of
DAR, then sure you can use Wave's management tools. If you would like to
use it to manage encryption like that in the Dell laptops or Momentus
hard disks, then you're out of luck.
Regards;
Bryan
------------------------------------
Mobile Armor
Bryan E. Glancey
Senior Vice President & Chief Technology Officer
bryan at mobilearmor.com
400 South Woods Mill Rd.
Suite 110
Chesterfield, MO 63017
tel: 877-276-6778
fax: 877-277-7369
mobile: 314-495-2048
http://www.mobilearmor.com/
------------------------------------
-----Original Message-----
From: fde-bounces at www.xml-dev.com [mailto:fde-bounces at www.xml-dev.com]
On Behalf Of Ali, Saqib
Sent: Friday, August 17, 2007 12:18 AM
To: fde at www.xml-dev.com
Subject: Re: [FDE] New DoD encryption mandate and TPM requirements
On 8/16/07, Bryan Glancey <bryan at mobilearmor.com> wrote:
> The rest of Grimes Memo links to the DARTT (Data At Rest Tiger Team) -
> which does not include Wave Sys. Therefore Wave Sys is legally barred
> from Federal Government sales for the next 5 years.
As the name (Data At Rest) suggests, the list only includes encryption
providers. Whereas Wavesys is a TPM management suite. Which is a
completely different beast. Barring Wavesys from Gov't sales would not
make much sense, as it is the only viable enterprise grade TPM
management suite.
saqib
http://www.linkedin.com/in/encryption