DAR Encryption on mobile devices

E-mail dated February 27, 2014, from Paul E. Exter, USGS CTO, to GS IT All

Information Technology Specialists,

The purpose of this communication is to request compliance with the requirements from the Office of Management and Budget (OMB) and the Department of the Interior (DOI) for Data at Rest (DAR) encryption on laptop (mobile) devices.

All Federal agencies are required to encrypt sensitive data on mobile devices. The DOI has awarded a contract to McAfee, for the McAfee Encryption Solution, to be installed on all laptop devices, carrying Sensitive Information. Sensitive Information (SI) includes, but is not limited to Personally Identifiable Information, sensitive contracting data, proprietary data or internal communications that contain SI.

Action Required

Science Center and Offices must deploy the McAfee Full Disk Encryption solution on all laptops containing SI orensure the primary laptop user completes an Assertion of Non-Sensitivity (ANS) form by May 30, 2014. The ANS form must be renewed when the primary user of the device changes or when the data types stored on the device change.

McAfee Full Disk Encryption installation instructions are available at: http://itsot.usgs.gov/DAR.

Existing deployments of DAR may be running the older 6.x version of the McAfee software. Upgrading to version 7.x is also required by May 30, 2014. The upgrade procedure is quick with little or no impact to end users. Please contact the USGS DAR team (gs_data_at_rest@usgs.gov) to request the 7.x upgrade for your site.

Science Center and Offices also need to delete stale clients from the McAfee console. The USGS DAR team will periodically delete clients which have not checked in to the console in 90 days. If you have active encrypted clients which are not able to check in with the console every 90 days, please contact the DAR team so an exception can be made.

Assertion of Non-Sensitivity (ANS)

Any laptop which DOES NOT and WILL NOT contain SI may be exempted from the encryption requirement by having the primary user of that system submit an electronic Assertion of Non-Sensitivity (ANS) request. The request must ultimately be approved by the DOI Chief Information Officer (CIO), through USGS line management authority. However, any user who has submitted an encryption exemption request via the ANS form may continue to use their system, unencrypted, until the approval decision has been made regarding the USGS exceptions to policy.

Please note the electronic form will pre-populate the computer’s host name when accessed via Internet Explorer. If Chrome is used, the user will have to look up and type the computer’s host name. Therefore, please use Internet Explorer when competing the ANS form.

Information Technology Specialists are encourage to complete the ANS process, with the employee, in the normal set process of their laptop, or by sending a communication to those in your office who require ANS and do not require DAR, with the URL certification above. The primary user of the laptop must be logged in, for the ANS form to populate in their name. Regardless, of which method IT Specialists use, all employees who have mobile devices that do not require DAR are required to have an ANS form on file with the USGS Chief Information Security Officer.
The ANS Form is available at: https://ecomputing.usgs.gov/apps/admin/ans/.

The paper assertion forms that were used previously are no longer valid and any employee having previously submitted the ANS forms will need to resubmit their request via the electronic form.

Through this process, we are asking the IT Specialist and the employee to make the determination of whether on not SI is contained on their mobile device. For devices with SI, DAR is required. For devices without SI, ANS is required. DAR or ANS must be completed on USGS laptop devices by May 30, 2014.

If you have questions or concerns, please email the Data at Rest team at gs_data_at_rest@usgs.gov.

http://internal.usgs.gov/gio/ito/memos/20140319_exter_email.html