DOD mandates data encryption for mobile devices

DOD data-at-rest encryption policy for mobile devices (.pdf)

Pentagon officials must ensure certain data stored on mobile devices is encrypted in compliance with the National Institute of Standards and Technology's Federal Information Processing Standard 140-2, according to a new Defense Department policy.

The policy, signed on July 3 by Pentagon Chief Information Officer John Grimes, mandates that all unclassified data not approved for public release should be treated as sensitive and must be encrypted. The policy does not apply to information cleared for public release.

The term mobile devices describes laptop PCs and personal digital assistants, as well as removable storage media, like thumb drives and compact discs, Grimes wrote in a memo to senior Defense Department leaders.

The policy instructs Pentagon officials to pay particular attention to the encryption of mobile devices used by senior DOD officials, like flag officers and senior executives, who travel frequently outside the continental United States. According to Grimes, the loss or theft of mobile devices storing U.S. defense information abroad is especially severe.

The FIPS 140-2 specification was approved in 2001 and grew out of Federal Standard 1027, General Security Requirements for Equipment, which used the now-outdated Data Encryption Standard. NIST is now working on the next iteration, FIPS 140-3.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.