Encryption Solutions for Governments
WinMagic’s SecureDoc™ delivers a complete data security solution including government-grade encryption
that reliably and transparently protects intellectual property and PII throughout the organization.
Overview
Encryption of data-at-rest is a critical part of the information security architecture that must be in place to safeguard the Personal Identifiable Information (PII) of the citizens served by government organizations. The government sector is also under intense scrutiny over its handling of this sensitive data, and must maintain rigor in its approach to technology, methods and standards when dealing with data security.
SecureDoc delivers a complete data security solution including government-grade encryption that reliably and transparently protects intellectual property and PII throughout the organization. SecureDoc is FIPS 140-2 validated to meet the requirements of government organizations and agencies.
SecureDoc full-disk encryption products are available under GSA Schedule:
GSA schedule # GS-35F-0795N.
Carolina Advanced Digital, Inc.
PO Box 318, Siler City, NC 27344
Contact person: Susan Jabbusch
Email: susan@cadinc.com
Tel: (919) 663-2211, ext. 102 or (800) 435-2212
Fax: (919) 742-2279
http://www.cadinc.com/
DoD CAC/PIV Card
SecureDoc accommodates a wide variety of security policies related to user authentication. With this kind of flexibility, SecureDoc supports single and multi-factor pre-boot authentication including password, smartcard, USB token, biometrics, the Trusted Platform Module (TPM) and PKI.
When it comes to the US government sector, WinMagic responds to US federal government standards relating to FIPS 201 by supporting Personal Identity Verification (PIV) cards held by US federal employees and contractors; and DoD’s Common Access Cards (CAC) held by active duty military personnel, reserve personnel, civilian employees, non-DoD other government employees, State Employees of the National Guard, and eligible contractor personnel.
In dealing with the heterogeneous IT environment of agencies and departments, SecureDoc for Windows and SecureDoc for Mac both support these specific cards in the pre-boot environment as forms of end-user authentication to laptops and workstations.
Given our extensive experience in securing sensitive information in the government sector, including “Secret Level” data for the NSA, many examples can be referred to including the SecureDoc deployment at Department of State for a FIPS 201/ HSPD-21 compliant project with PKI smartcard and biometrics is the proof of our advanced technology.
The DoD CAC Card integrated with SecureDoc full-disk encryption software permits only authorized users to boot up their PCs or notebook computers authenticating and authorizing users for secure access to their encryption hard drives. WinMagic has completed the certification process with the Department of Defense for the CAC card interoperability with its SecureDoc full-hard disk encryption software.
The Personal Identity Verification (PIV) card allows Government employees and contractors to gain physical access to government resources. SecureDoc is already utilized by many U.S. government agencies, such as the National Security Agency and Homeland Security, and was recently selected for a pilot project with the U.S. Department of State aimed at integrating the Personal Identity Verification (PIV) card and biometrics with Public Key Infrastructure (PKI) and full-disk encryption.
Note that this is not the first time WinMagic’s products are offered to the Department of Defense. Earlier versions of SecureDoc included a FORTEZZA based hard disk encryption, which uses (FORTEZZA) DoD PKI. The FORTEZZA SecureDoc version is certified by the NSA as the RASP Secure Media to protect up to SECRET data for US Government Agencies.
SecureDoc presently has FIPS 140 -2 Level 2, NIST AES accreditation (certification # 1), and Common Criteria EAL-4.
SecureDoc has been deployed WITH SMART CARD INTEGRATION throughout the United States Government including the State Department, DHS, IRS and other departments and has numerous accreditations including Common Criteria, FIPS 140-1 Level 2, DISA Public Key Enable certification with DOD CAC. WinMagic Inc. has completed the certification process with the Department of Defense for the CAC card interoperability with its SecureDoc full-disk encryption software. Products sent to be certified by the DoD must be enabled to take advantage of the services a PKI offers. Without enabled applications, the infrastructure holds little value. It is essential that applications become PKI enabled and utilize the infrastructure. SecureDoc was evaluated to ensure it is enabled correctly and securely, and is interoperable with the DOD PKI.
DoD Joint Interoperability Test Command (JITC) has completed testing this new product for interoperability with the DoD PKI, which provides certificates validation including CA signature check, revocation check through CRL or OCSP and other DoD requirements.
The DoD CAC Card integrated with SecureDoc full-disk encryption software permits only authorized users to boot up their PCs or notebook computers authenticating and authorizing users for secure access to their encryption hard drives. This provides an added measure of security, especially for mobile workers who have a higher risk of having their notebooks lost or stolen.
HSPD-12
There is generally greater awareness and acceptance for the desire and need to combine the logical access and physical access functions of major organizations.
Homeland Security Presidential Directive 12 (HSPD-12) is a Presidential requirement signed on August 27, 2004 requiring Federal agencies comply with mandatory, government-wide standard for secure and reliable forms of identification for Federal employees and contractors. These Personal Identification Verification (PIV) standards (FIPS 201.1) are issued by the National Institute of Standards and Technology (NIST) and are designed to increase facility and computer security, reduce identity fraud, protect the personal privacy of those issued government identification, and ensure a safer work environment for all Federal employees and contractors.
With over 3.1 million active cards, civilian and military bodies will employ the use of either a PIV (personal Identification Verification) or CAC (Common Access Card) card to gain entry to facilities and then authenticate to computer systems and networks.
In order to help these agencies and departments in complying, SecureDoc full-disk encryption from WinMagic ensures protection of sensitive information stored on desktops, and laptops. Offering single or multiple factor pre-boot authentication (including password, USB tokens, biometrics, TPM and PKI), SecureDoc acts as your last line of defense before access can gained computing systems. SecureDoc leverages your token at-boot thereby protecting all applications -VPN, network logon, emails, etc with your token as outlined in the initiative for HSPD-12 and FIPS 201.
Governments
SecureDoc is already utilized by many U.S. government agencies, such as the National Security Agency and Homeland Security, and was recently selected for a pilot project with the U.S. Department of State aimed at integrating the Personal Identity Verification (PIV) card and biometrics with Public Key Infrastructure (PKI) and full-disk encryption. SecureDoc is also the only full-disk encryption solution that supports the DoD Common Access Card!
With SecureDoc Full-Disk Encryption the U.S. Federal Government Agencies will be able to:
Comply with the OMB directive today, and without changing encryption products to comply with FIPS 201 / HSPD-12 later. The SecureDoc deployment at Department of State for a FIPS 201/ HSPD-21 compliant project with PKI smartcard and biometrics is the proof of our advanced technology.
The following list describes features that distinguish WinMagic’s SecureDoc from its competition. While one or two competitors may support some of these features – perhaps five or six – we believe that as many as half of them are available only in SecureDoc.
You’ll notice that many of these differentiating features are significant – replicating them would require considerable insights and effort.
In compiling this list, we haven’t included a number of unique features that do not require deep insights, such as our high-resolution boot logon GUI, our facility to control client computers remotely, or our ability to encrypt user records with different keys (for different administrators).
We’re prepared to demonstrate why SecureDoc is the most secure full-disk encryption product on the market. With SecureDoc, you can be sure your data is well protected – even from us.
To contact us, click here for OMB Support or call 1-888-879 5879 Ext. 1 today! Or click here for a free trial download of SecureDoc software
List of SecureDoc features. To our assessment, about half of the features below are not available in any other software. Please compare for yourself.
| The centralized management software should use a scalable, enterprise class DBMS, such as SQL, that supports distributed computing, backup functionality, replication, clustering, etc. | |
| Interoperability with imaging software (Ghost, Drive Image, Rapid Deploy, Bootworks, Rapid Restore, Rescue & Recovery); meaning users can make backups of encrypted disks as if the disk is not encrypted. | |
| Pre-boot support for smartcards, USB crypto tokens and PKI. WinMagic has delivered smartcard and PKI integration with SecureDoc since 2001 (e.g. to the New Zealand government). | |
| Support for biometrics devices – all at pre-boot. WinMagic’s SecureDoc is the only product to support biometrics at pre-boot. It has been used by the U.S. Department of State in HSPD-12, FIPS 201 compliant projects. |
|
| Support at boot time for the Trusted Platform Module (TPM), the security chip now embedded in newer PCs. | |
| The central server communicates with client PCs via LAN, over the Internet, intermittent network or even with no network access at all. | |
| Users can recover data even if the disk is infected by viruses. | |
| Work with boot manager (Boot Magic, Boot-US, Windows boot manager) and support multiple operating systems (multi-boot). | |
| Robust handling: allow the initial encryption (conversion) to be interrupted – e.g. by power outage – without data loss. | |
| Work with VMWare. SecureDoc works with VMWare “out of the box”. This shows that the SecureDoc design is more compatible than others. | |
| Support for encryption of MO drives. Even though the removable Magneto Optical drives are most popular in Asia, the technology to support drives with sector sizes different than 512 bytes show the thoroughness and the modularity of the SecureDoc software design. | |
|
Support for removable media (USB memory sticks, SD cards, ZIP, JAZ, etc.): Administrators can configure SecureDoc in order to
|
|
| Work with partitioning software such as Partition Magic: Encrypted disk partitions can be resized, partitions can be added or deleted as if the disk is not encrypted. | |
| Support disks larger than 2000 Giga bytes and an unlimited number of partitions. Furthermore, different partitions can be encrypted with different keys, e.g. for sharing. | |
| Support for hibernation mode. | |
| Support RAID controllers. | |
| Encrypt the entire disk, not only partitions. A test at Network Computing showed that users can add partitions and SecureDoc automatically encrypts them. Only one other product can do the same. | |
| Compartmental version: divides the disk into compartments, encrypted by different cryptographic keys. The separation is so strong that a virus in one compartment would not affect the other compartments. | |
| Fast, robust, reliable initial encryption (conversion). User can even run defragmentation during the initial conversion. | |
| Support of SHA-2 instead of SHA-1. WinMagic has used the more advanced SHA-2 with SecureDoc V4 since early 2005 |
Rehabilitation Act
At WinMagic, we are dedicated to helping our government customers implement Section 508 of the Rehabilitation Act. We proactively educate our product groups about designing accessible encryption solutions and document how our software meets the Access Board’s Section 508 Standards. This documentation (Voluntary Product Accessibility Template -VPAT) provides government customers with information needed to conduct market research for Section 508.
