Security Characteristics for data at rest encryption

Created:  26 Aug 2016
Updated:  26 Aug 2016
Data at rest encryption Security Characteristics (SC) cover products which provide encryption for sensitive data on mass storage media.

Security Characteristics describe the properties that we expect security products of a certain category to exhibit, based on our understanding of technology and threat, and developed to support the UK Government ICT Strategy.

CPA SC Full Disk Encryption - Authorisation Acquisition v1-0 CC-Mapping.pdf

PDF, 313.81KB

This file may not be suitable for users of assistive technology.

CPA SC Full Disk Encryption - Encryption Engine v1-0 CC-Mapping.pdf

PDF, 294.25KB

CPA SC Data at Rest Encryption for Always On Mobile Devices v1-1 CC-Mapping.pdf

PDF, 378.25KB

CPA SC Enterprise Management of Data at Rest Encryption v1-0.pdf

PDF, 1042.33KB

CPA SC Hardware Media Encryption v1-2.pdf

PDF, 475.95KB

CPA SC Software Full Disk Encryption v1-23.pdf

PDF, 876.86KB

CPA SC Software Encryption of Removable Media v1-0.pdf

PDF, 464.86KB

Data at rest encryption

  1. Full Disk Encryption - Authorisation Acquisition (CC Mapping): CPA SC

    Full disk encryption protects the confidentiality of data at rest. Such solutions come in two parts – an encryption engine component that performs the bulk encryption and decryption of information, and an “Authorisation Acquisition” component covered by this Security Characteristic (SC). This combination protects data against loss or theft of the storage media by ensuring that the user data is properly encrypted and is only accessible if a number of credentials are presented.

  2. Full Disk Encryption - Encryption Engine (CC Mapping): CPA SC

    Full disk encryption solutions protect the confidentiality of data at rest. Such solutions come in two parts – an authorisation gathering component and an “Encryption Engine” which performs the bulk encryption and decryption of information. This combination protects data against loss or theft of the storage media by ensuring that all user data is properly encrypted and is only accessible if a number of credentials are presented.

  3. Data at Rest Encryption - Always-on Mobile Devices (CC Mapping): CPA SC

    These security products aim to maintain the confidentiality of data stored on an ‘always-on’ mobile device by encrypting the data and providing controlled access to it. This protects the data if the mobile device is lost or stolen.

  4. Enterprise Management of Data at Rest Encryption: CPA SC

    Allows the remote administration of key components of data at rest encryption products, including policy management, user account management, device encryption key management, device recovery and device purging.

  5. Hardware Media Encryption: CPA SC

    Hardware Media Encryption products are designed to maintain the confidentiality of data on mass storage devices through the addition of cryptographic hardware. These devices must enclose the encryption capabilities within an anti-tamper boundary, providing assurance over the integrity of the encryption algorithms.

  6. Software Full Disk Encryption: CPA SC

    The primary purpose of a software disk encryption product is to protect the confidentiality of data at rest. Products can also provide some integrity protection of the protected data. This Security Characteristic (SC) does not define requirements for removable media encryption. Although some software disk encryption products also support removable media encryption, this is out of scope for this document.

  7. Software Encryption of Removable Media: CPA SC

    The primary purpose of a software disk encryption product is to protect the confidentiality of data at rest. Products can also provide some integrity protection of the protected data. This Security Characteristic does not define requirements for removable media encryption. Although some software disk encryption products also support removable media encryption, this is out of scope for this document.
