By Saqib Ali
December 28, 2006
To address the issue of data leaks from stolen or missing laptops, the US Government is planning to use Full Disk Encryption (FDE) on all Government-owned computers. On June 23, 2006 a Presidential Mandate was put in place requiring all agency laptops to fully encrypt data on the HDD. The US Government is currently conducting the largest single side-by-side comparison and competition for the selection of a Full Disk Encryption product. This implementation will end up being the largest single implementation ever, and all of the information regarding the competition is in the public domain. The selected product will be deployed on millions of computers in the US federal government space. The evaluation will come to an end in 90 days.
The list of vendors participating in this contest, requirements, and other related documents are available at:
http://www.fbo.gov/spg/USAF/AFMC/ESC/FA8771-07-R-0001/Attachments.html
Some of the popular FDE vendors participating in the contest include Seagate, Mobile Armor, Pointsec, SafeNet, and Credant.
As with any other encryption product used by the Federal Government, the selected FDE product must have FIPS 140-2 certification. Currently Pointsec and Utimaco hold this certification for software-based FDE solutions.
Full disk encryption (or whole disk encryption) is a kind of disk encryption (software or hardware) which encrypts every bit of data that goes on a disk. The term "full disk encryption" is often used to signify that everything on a disk, including the operating system, is encrypted. There are also programs that can encrypt an entire disk but cannot directly encrypt the system partition or boot partition of the operating system (e.g. TrueCrypt, which can fully encrypt, for example, an entire secondary hard disk).
Full disk encryption has several benefits compared to regular file or folder encryption, or encrypted vaults. The following are some benefits of full disk encryption:
1. Everything, including the swap space and the temporary files, is encrypted. Encrypting these files is important, as they can reveal important confidential data.
2. With full disk encryption, the decision of which files to encrypt is not left up to users.
3. Support for pre-boot authentication.
In light of recent laptop thefts and data security breaches, large corporations and government institutions are looking at various Full Disk Encryption (FDE) solutions to protect their confidential data on mobile devices. If you would like to discuss FDE deployment and FDE solutions in general, please see the FDE Mailing List.